WordPress 2.7.1 wp-comments-post.php XSS exploit
by Vinod Sharma on May.03, 2009, under MyHacks
An XSS vulnerability exists in the wp-comments-post.php file and is triggered when a comment form is submitted to this PHP script.
Step 1: Insert the XSS payload into the comment form and submit it.
payload: <#script>alert(String.fromCharCode(88,83,83))
Note: Remove the # character from the opening script tag in the payload to reproduce this vulnerability.
Step 2: When another user views the infected page, it will result in exploitation.

Severity is low because only a registered user can exploit this issue.
May 4th, 2009 on 3:33 pm
Only users with the unfiltered_html capability can post unfiltered HTML markup or even JavaScript code in pages, posts, and comments.
By default only the users in the roles admin or editor have this capability, therefore there is no security bug at all, because only admins or editors (which are the two highest roles in WordPress, by default) and these users need to have this capability, otherwise these users will be very limited, especially because they are normally the blog owners or, well, take a huge role on the WordPress-powered site.
Regards
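A simplified model of the capability gate described in the comment above, as an added example that is not part of the original post, the comment, or WordPress itself: markup from users without unfiltered_html is escaped and only a small allowlist of attribute-less tags is restored, while markup from holders of the capability is stored as submitted. The function name `filter_comment()`, the `ALLOWED_TAGS` list and the sample comment are assumptions constructed for illustration.

```php
<?php
// Simplified model of capability-gated comment filtering (added example).
// filter_comment() and ALLOWED_TAGS are hypothetical names, not WordPress APIs.

const ALLOWED_TAGS = ['b', 'i', 'em', 'strong', 'code', 'blockquote'];

/**
 * Return the markup that would be stored for a submitted comment.
 */
function filter_comment(string $raw, bool $hasUnfilteredHtml): string
{
    if ($hasUnfilteredHtml) {
        // Trusted role (admin/editor by default): stored exactly as submitted.
        return $raw;
    }
    // 1. Neutralise every markup character, including quotes.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    // 2. Restore only bare allowlisted tags; tags with attributes stay escaped.
    $names = implode('|', ALLOWED_TAGS);
    return preg_replace('~&lt;(/?)(' . $names . ')&gt;~i', '<$1$2>', $escaped);
}

// Constructed sample comment: harmless formatting plus the post's payload.
$comment = '<b>Nice post</b> <script>alert(String.fromCharCode(88,83,83))</script>'
         . ' <b onmouseover="alert(1)">hover</b>';

foreach (['subscriber' => false, 'editor' => true] as $role => $cap) {
    $stored = filter_comment($comment, $cap);
    // Flag live <script> tags or event-handler attributes inside a real tag.
    $active = preg_match('~<script\b|<[a-z][^>]*\son\w+\s*=~i', $stored) === 1;
    printf("%-10s script-capable markup stored: %s\n  %s\n",
        $role, $active ? 'yes' : 'no', $stored);
}
```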
May 4th, 2009 on 4:57 pm
Hi,
Good finding. Keep up the good work.
Wish you all the best
Vikrant
June 23rd, 2009 on 8:03 am
Clever things, speaks)
January 7th, 2010 on 5:29 pm
Nice detection, man.
I also found some XSS vulns.
Okay, keep it up.
February 15th, 2010 on 12:08 am
Interesting, did you plan to continue this article?
Dolly