Home > Hacking > WordPress ‘wp-comments-post.php’ Cross-Site Scripting Vulnerability

WordPress ‘wp-comments-post.php’ Cross-Site Scripting Vulnerability

Informasi

Bugtraq ID: 35797
Class: Input Validation Error
CVE:
Remote: Yes
Local: No
Published: Jul 24 2009 12:00AM
Updated: Jul 27 2009 10:25PM
Credit: superfreakaz0rz
Vulnerable: WordPress WordPress 2.8.1
Not Vulnerable:

Diskusi

WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.

WordPress 2.8.1 is vulnerable; other versions may also be affected.

Eksploit

An attacker can exploit this issue by enticing an unsuspecting user to follow a malicious URI.

The following exploit code is available

* /data/vulnerabilities/exploits/35797.txt

Solusi

Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Sumber
securityfocus

  1. September 16th, 2009 at 09:10 | #1
    Using Mozilla Firefox Mozilla Firefox 3.5.3 on Windows Windows XP

    Maaf nih kalau ngerepotin,,
    Kayaknya link ku yang “Putra” salah,,
    harusnya mengarah ke http://blogputra.com ..
    tolong dibaikin ya ..
    Thanks ,,

  2. September 16th, 2009 at 12:36 | #2
    Using Opera Opera 9.24 on Windows Windows XP

    hwuahwua….
    nggak kok. Udah nih. 🙂

  3. September 17th, 2009 at 20:50 | #3
    Using Mozilla Firefox Mozilla Firefox 3.0.13 on Windows Windows XP

    Assalamualaikum Mas.,.,
    Salam kenal,,
    Blog nya bagus ,,
    Boleh tukeran link nggak ..
    Link dah kupasng di blogku ..
    Link balik ya ..
    Makasih ,,
    wass,, 😀

  4. September 18th, 2009 at 03:36 | #4
    Using Mozilla Firefox Mozilla Firefox 3.5.3 on Windows Windows XP

    numpang promosi, mari bergabung di :
    http://groups.google.com/group/blogger-purworejo
    info lengkap di :
    http://nurrahmanarif.wordpress.com/2009/09/17/milis-blogger-purworejo/

  5. October 1st, 2009 at 09:13 | #5
    Using Mozilla Firefox Mozilla Firefox 3.0.14 on Windows Windows XP

    Assalaualaikum.,.,
    maaf menggagu Link backnya mana ya,.,.,

  6. October 7th, 2009 at 09:32 | #6
    Using Mozilla Firefox Mozilla Firefox 3.0.8 on Windows Windows XP

    Maaqf ganggu ni .,,.
    Link backnya untuk anaktenggarong mana ya.,.,?

  7. October 15th, 2009 at 11:56 | #7
    Using Mozilla Firefox Mozilla Firefox 2.0.0.20 on Windows Windows XP

    to Basir : maaf, baru add. Silakan cek 😀

  8. November 14th, 2009 at 07:40 | #8
    Using Mozilla Firefox Mozilla Firefox 3.5.4 on Ubuntu Linux Ubuntu Linux

    maap kayaknya salah tulis tuh, http://www.teakcenter.com
    bukan http://www.teakcenter.com

  1. No trackbacks yet.

*

Bad Behavior has blocked 796 access attempts in the last 7 days.