WordPress 2.7.1 wp-comments-post.php XSS exploit
by Vinod Sharma on May.03, 2009, under MyHacks
An XSS vulnerability exists in the wp-comments-post.php file when a comment form is submitted to this PHP script.
Step 1: Insert the XSS payload into the comment form and submit it.
payload: <#script>alert(String.fromCharCode(88,83,83))
Note: Remove the # character from the opening script tag in the payload to reproduce this vulnerability.
Step 2: When another user views the infected page, it will result in exploitation.

Severity is low because only a registered user can exploit this issue.
May 4th, 2009 on 3:33 pm
Only users with the unfiltered_html capability can post unfiltered HTML markup or even JavaScript code in pages, posts, and comments.
By default only the users in the roles admin or editor have this capability, therefore there is no security bug at all, because only admins or editors (which are the two highest roles in WordPress, by default), and these users need to have this capability, otherwise these users will be very limited, especially because they are normally the blog owners or, well, take a huge role on the WordPress-powered site.
Regards
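For site owners who do not want any role to store raw markup in comments, the following is an added example, not code from the post, the commenter or WordPress itself. It filters comments on input and on output regardless of the unfiltered_html capability discussed above, and audits comments already stored. It assumes a current WordPress install with the file placed in wp-content/mu-plugins/; every `example_*` name is hypothetical.

```php
<?php
/**
 * Plugin Name: Strict comment HTML for every role (added example)
 * Assumptions: current WordPress, loaded as a must-use plugin.
 * All example_* names are hypothetical.
 */

// Input side: run every submitted comment through KSES, even when the author
// holds unfiltered_html. A uniquely named callback is used so that core's
// kses_remove_filters() does not detach it for privileged users.
add_filter( 'pre_comment_content', 'example_strict_comment_kses', 5 );
function example_strict_comment_kses( $content ) {
    return wp_filter_kses( $content ); // expects and returns slashed data
}

// Output side: filter again at render time, which also neutralises markup
// that was stored before this plugin was installed.
add_filter( 'comment_text', 'example_render_comment_kses', 5 );
function example_render_comment_kses( $text ) {
    return wp_kses( $text, wp_kses_allowed_html( 'pre_comment_content' ) );
}

// Audit: return stored comments whose content changes when passed through
// the comment allowlist, i.e. comments holding markup KSES would strip.
function example_audit_comments( $batch = 500 ) {
    $allowed = wp_kses_allowed_html( 'pre_comment_content' );
    $flagged = array();
    $offset  = 0;
    do {
        $comments = get_comments( array(
            'status' => 'all',
            'number' => $batch,
            'offset' => $offset,
        ) );
        foreach ( $comments as $c ) {
            if ( wp_kses( $c->comment_content, $allowed ) !== $c->comment_content ) {
                $flagged[] = array(
                    'id'      => $c->comment_ID,
                    'user_id' => $c->user_id,
                    'date'    => $c->comment_date,
                );
            }
        }
        $offset += $batch;
    } while ( count( $comments ) === $batch );
    return $flagged;
}
```

A flagged comment is a candidate for review rather than proof of abuse, since KSES also normalises entities and malformed tags. Defining `DISALLOW_UNFILTERED_HTML` as true in wp-config.php is the broader alternative: it removes the capability for all users, including for posts and pages.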
May 4th, 2009 on 4:57 pm
Hi,
Good finding. Keep the good work up.
Wish you all the best
Vikrant
June 23rd, 2009 on 8:03 am
Clever things, speaks)