Re: [Full-disclosure] WordPress Persistent XSS
Deepan,

Please see my most recent post:
http://michaeldaw.org/md-hacks/wordpress-templatephp-exploit/

David

On 30/12/06, Deepan <[EMAIL PROTECTED]> wrote:
> On Wed, 2006-12-27 at 09:33 +, David Kierznowski wrote:
> > Vulnerability Title: WordPress Persistent XSS
> > Author: David Kierznowski
> > Homepage: http://michaeldaw.org
> > Software Vendor: WordPress Persistent XSS
> > Versions affected: Confirmed in v2.0.5 (latest)
> >
> > See homepage for more details.
> >
> > WordPress was contacted: 26/12/06 22:04 BST
> > Reply received: 27/12/06 06:11 BST
> > WordPress has fixed this for v2.0.6, see
> > http://trac.wordpress.org/changeset/4665
>
> Don't you need admin privileges to access the templates.php url?
> I am overseeing anything?
>
> --
> ---
> Regards
> Deepan Chakravarthy N
> http://www.codeshepherd.com/
> http://sudoku-solver.net/

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] WordPress Persistent XSS
On Wed, 2006-12-27 at 09:33 +, David Kierznowski wrote:
> Vulnerability Title: WordPress Persistent XSS
> Author: David Kierznowski
> Homepage: http://michaeldaw.org
> Software Vendor: WordPress Persistent XSS
> Versions affected: Confirmed in v2.0.5 (latest)
>
> See homepage for more details.
>
> WordPress was contacted: 26/12/06 22:04 BST
> Reply received: 27/12/06 06:11 BST
> WordPress has fixed this for v2.0.6, see
> http://trac.wordpress.org/changeset/4665

Don't you need admin privileges to access the templates.php url?
I am overseeing anything?

--
---
Regards
Deepan Chakravarthy N
http://www.codeshepherd.com/
http://sudoku-solver.net/

[Full-disclosure] WordPress Persistent XSS
Vulnerability Title: WordPress Persistent XSS
Author: David Kierznowski
Homepage: http://michaeldaw.org
Software Vendor: WordPress Persistent XSS
Versions affected: Confirmed in v2.0.5 (latest)

See homepage for more details.

WordPress was contacted: 26/12/06 22:04 BST
Reply received: 27/12/06 06:11 BST
WordPress has fixed this for v2.0.6, see
http://trac.wordpress.org/changeset/4665