SecurityGyan

WordPress 2.7.1 wp-comments-post.php XSS exploit

by Vinod Sharma on May.03, 2009, under MyHacks

An XSS vulnerability exists in the wp-comments-post.php file when a comment form is submitted to this PHP script.

Step 1: Insert the XSS payload into the comment form and submit it.

payload: <#script>alert(String.fromCharCode(88,83,83))

Note: remove the # character from the opening script tag in the payload to reproduce this vulnerability.

Step 2: When another user views the infected page, the injected script executes in that user's browser.

[Image: wp_xss_poc]

Severity is low because only a registered user can exploit this issue.
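On the defensive side, the comment text has to be encoded when it is written into the page. The snippet below is an added example, not code from this post or from WordPress core; the function names are hypothetical, and the sample comments are constructed from the payload above.

```php
<?php
// Added illustration, not WordPress core code. Function names are hypothetical.

// Vulnerable pattern: stored comment text is written into the page as-is,
// so any markup in it is parsed by the viewer's browser.
function render_comment_unsafe(string $body): string
{
    return '<div class="comment-body">' . $body . '</div>';
}

// Hardened pattern: encode HTML metacharacters at output time, then add
// line breaks. Order matters: nl2br() must run on already-encoded text,
// otherwise the <br /> tags it inserts would be encoded too.
function render_comment_safe(string $body): string
{
    $encoded = htmlspecialchars($body, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<div class="comment-body">' . nl2br($encoded) . '</div>';
}

// True when the rendered HTML would open a script element.
function contains_script_tag(string $html): bool
{
    return preg_match('/<\s*script\b/i', $html) === 1;
}

// Constructed sample comments: the post's payload with '#' removed as its
// note instructs, plus an ordinary two-line comment.
$samples = [
    'payload from the post' => '<script>alert(String.fromCharCode(88,83,83))',
    'ordinary comment'      => "Nice post!\nThanks & regards",
];

foreach ($samples as $label => $body) {
    printf(
        "%-22s unsafe has <script>: %-3s  safe has <script>: %s\n",
        $label,
        contains_script_tag(render_comment_unsafe($body)) ? 'yes' : 'no',
        contains_script_tag(render_comment_safe($body)) ? 'yes' : 'no'
    );
}
echo render_comment_safe($samples['payload from the post']), "\n";
```

Encoding at output time also neutralises payloads that were stored before any input filter was fixed.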

