WordPress2.0.0-autorswebsite.txt

`>>>>original advisory<<<<<  
http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html#more-14  
>>>>><<<<<>>>>>><<<<<>>>>  
——————-Summary—————-  
Software: WordPress  
Sowtware’s Web Site: http://www.wordpress.org  
Versions: 2.0.0  
Class: Remote  
Status: Unpatched  
Exploit: Available  
Solution: Available  
Discovered by: <strong>imei addmimistrator</strong>  
Risk Level: <strong>Low</strong>  
—————–Description—————  
There is some security bug in most poweful and common Blog Software, WordPress 2.0.0 (latest version) that allows attacker performe an <strong>XSS</strong> attack.<!--more--> bug is in result of poor checking quotations for user suplied variables in author's website for not logged in users.  
————–Exploit———————-  
Here is an example, but a good scenario can exploit better.  
goto a post,comment section  
fill all fields correctly, but <strong>author's website</strong>:  
<strong>" onfocus="alert(1)" onblur="alert(1)</strong>  
note to first coutation and loosed qoutation at end {for good exploit}  
any user that want to fill author website's field an alert will show;  
————–Solution———————  
Disable Comments for posts while vendor not provided patch.  
————–Credit———————–  
Discovered by: imei addmimistrator  
addmimistrator(4}gmail(O}com  
www.myimei.com  
security.myimei.com  
`