[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: Re: [Full-disclosure] WordPress Persistent XSS
From: "David Kierznowski" <david.kierznowski () gmail ! com>
Date: 2006-12-30 17:33:51
Message-ID: f4cd4c010612300933u6158edf2y334594c11af233ef () mail ! gmail ! com
[Download RAW message or body]
Deepan,
Please see my most recent post:
http://michaeldaw.org/md-hacks/wordpress-templatephp-exploit/
David
On 30/12/06, Deepan <codeshepherd@gmail.com> wrote:
> On Wed, 2006-12-27 at 09:33 +0000, David Kierznowski wrote:
> > Vulnerability Title: WordPress Persistent XSS
> > Author: David Kierznowski
> > Homepage: http://michaeldaw.org
> > Software Vendor: WordPress Persistent XSS
> > Versions affected: Confirmed in v2.0.5 (latest)
> >
> > See homepage for more details.
> >
> > WordPress was contacted: 26/12/06 22:04 BST
> > Reply received: 27/12/06 06:11 BST
> > WordPress has fixed this for v2.0.6, see
> > http://trac.wordpress.org/changeset/4665
>
>
> Dont you need admin privileges to access the templates.php url ?
> I am overseeing anything ?
>
>
>
> --
> -----------------------------------------------
> Regards
> Deepan Chakravarthy N
> http://www.codeshepherd.com/
> http://sudoku-solver.net/
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic