WordPress 2.1.2 XSS Fix

If you are running WordPress 2.1.2, your site is vulnerable to a reflected XSS through the year query parameter. The following URL demonstrates it:
http://www.yourdomain.com/?year=xss%3C/title%3E%3Cbody%20onmousemove=document.write(document.cookie);%3E%3C/body%3E
Thanks to Simon for showing me the code.
The original post about this XSS is here, from ChX Security.

If the URL above works against your site, apply the change shown below as a temporary fix until WordPress releases a new version.
1. Open wp-includes/general-template.php
2. Find the wp_title function
3. Find this

if(!empty($year)){
$title = $year;
}

4. Change it to this

if(!empty($year)){
$year = (int)$year;
$title = $year;
}

Now $year is cast to an integer before it is used as the title. The cast keeps only a leading run of digits (the payload in the URL above becomes 0), so no markup can reach the <title> element. Note that this patches a single parameter; the general defence is to escape every value at the point where it is written into HTML, regardless of its expected type.
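As an added example, not code from the original post or from WordPress itself, the following stand-alone PHP script models the year handling in wp_title() before and after the cast, and also shows output escaping as the general fix. The function names vulnerable_title, fixed_title and escaped_title are hypothetical; the payload is the URL-decoded value from the PoC URL above, and the other inputs are constructed.

```php
<?php
// Added example (not WordPress code): a stripped-down model of how the
// year query parameter flows into the <title> element in wp_title().

// Constructed inputs. The last one is the PoC payload from the post's URL,
// URL-decoded as PHP would deliver it in $_GET['year'].
$inputs = [
    '2007',
    '2007abc',
    'xss</title><body onmousemove=document.write(document.cookie);></body>',
];

// Vulnerable form: the raw query value is placed inside <title> unchanged.
function vulnerable_title(string $year): string {
    $title = '';
    if (!empty($year)) {
        $title = $year;
    }
    return '<title>' . $title . '</title>';
}

// Fix from the post: the (int) cast keeps only a leading run of digits,
// so a payload with no leading digits collapses to 0 and "2007abc" to 2007.
function fixed_title(string $year): string {
    $title = '';
    if (!empty($year)) {
        $year = (int) $year;
        $title = $year;
    }
    return '<title>' . $title . '</title>';
}

// General fix: escape at the output point, whatever the parameter type.
// '<' and '>' become &lt; and &gt;, so the browser never sees a closing
// </title> tag or a new <body> element.
function escaped_title(string $year): string {
    $title = '';
    if (!empty($year)) {
        $title = htmlspecialchars($year, ENT_QUOTES, 'UTF-8');
    }
    return '<title>' . $title . '</title>';
}

foreach ($inputs as $input) {
    echo "input:      $input\n";
    echo "vulnerable: " . vulnerable_title($input) . "\n";
    echo "int cast:   " . fixed_title($input) . "\n";
    echo "escaped:    " . escaped_title($input) . "\n\n";
}
```

Run it with `php demo.php`. For the PoC payload the vulnerable version emits the attacker's markup verbatim, the cast version emits `<title>0</title>`, and the escaped version emits the payload as inert text. The cast is adequate here only because a year is always numeric; for free-text parameters such as a search term, escaping is the only option.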


[...] it seems this new

[...] it seems this new WordPress update is already showing its first bugs; in this case the problem lies in the handling of the parameter that indicates the year when filtering, and it directly compromises the wp_title() function via XSS. This XSS gives us [...]

[...] The problem lies in

[...] The problem lies in the handling of the parameter that indicates the year when filtering, and it directly compromises the wp_title() function via XSS. [...]
