WordPress ‘wp-comments-post.php’ Cross-Site Scripting Vulnerability
Informasi
Bugtraq ID: 35797
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jul 24 2009 12:00AM
Updated: Jul 27 2009 10:25PM
Credit: superfreakaz0rz
Vulnerable: WordPress WordPress 2.8.1
Not Vulnerable:
Diskusi
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
WordPress 2.8.1 is vulnerable; other versions may also be affected.
Eksploit
An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.
The following exploit code is available
Solusi
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
Sumber
securityfocus
Maaf nih kalau ngerepotin,,
Kayaknya link ku yang “Putra” salah,,
harusnya mengarah ke http://blogputra.com ..
tolong dibaikin ya ..
Thanks ,,
hwuahwua….
nggak kok. Udah nih.
Assalamualaikum Mas.,.,
Salam kenal,,
Blog nya bagus ,,
Boleh tukeran link nggak ..
Link dah kupasng di blogku ..
Link balik ya ..
Makasih ,,
wass,,
numpang promosi, mari bergabung di :
http://groups.google.com/group/blogger-purworejo
info lengkap di :
http://nurrahmanarif.wordpress.com/2009/09/17/milis-blogger-purworejo/
Assalaualaikum.,.,
maaf menggagu Link backnya mana ya,.,.,
Maaqf ganggu ni .,,.
Link backnya untuk anaktenggarong mana ya.,.,?
to Basir : maaf, baru add. Silakan cek
maap kayaknya salah tulis tuh, http://www.teakcenter.com
bukan http://www.teakcenter.com