[Full-disclosure] Wordpress Cookie Authentication Vulnerability
XSS Worm XSS Security Information Portal
cross-site-scripting-security at xssworm.com
Tue Nov 20 16:48:06 GMT 2007
"A remote attacker, with read access to the password database can gain
administrator rights."
This also applies to many other blog software and also every system with a
password database.
--
Francesco Vaj [CISSP - GIAC]
Senior Content Manipulation Consultant
mailto:vaj at nospam.xssworm.com
aim: XSS Cross Site
XSS Worm: Cross Site Scripting Attacks
Wordpress Blog Password Hash Replay Information Portal (tm) 2007
http://www.XSSworm.com/
--
"Vaj, bella vaj."
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20071121/6883b156/attachment.html
Full-Disclosure is hosted and sponsored by Secunia.