Archive for July, 2007

WordPress Cross Domain Redirect

Adrian Pastor sent us the following advisory, titled "WordPress Cross Domain Redirect". The underlying issue has been around for some time; what Adrian's advisory adds is a clear demonstration of how the redirect feature can be put to malicious use.
== Description ==
The login redirect feature of WordPress can be abused for phishing purposes.
The parameter ‘redirect_to’ usually contains the relative URL to where the [...]


WordPress Path Disclosure Vulnerability

XSSNews released a Path Disclosure Vulnerability affecting current releases of WordPress.
The proof of concept URL is as follows:

http://bld/wordpress/?feed=rss2&p=-1

This is a fairly low risk vulnerability in that it only leaks the filesystem path of the WordPress installation. What makes it useful, however, is that an attacker can use it to learn the WordPress database table prefix, which, if unknown, [...]
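The excerpt says the leaked response gives up the install path and, from it, the database table prefix. The following Python snippet is an added example, not the XSSNews proof of concept and not WordPress code: it runs two regular expressions over a constructed response body (modelled on PHP's default HTML warning format and a wpdb-style "WordPress database error" line, not captured from a real install) and pulls out the filesystem path of the WordPress install and the prefix of the table named in the error. The path, host name and prefix in the sample are assumptions.

```python
import re

# Constructed sample response (NOT captured from WordPress): a PHP warning in
# PHP's default HTML error format, followed by a wpdb-style database error that
# names a core table with a non-default prefix. All values are assumptions.
SAMPLE_RESPONSE = """\
<br />
<b>Warning</b>:  Invalid argument supplied for foreach() in
<b>/var/www/vhosts/bld/httpdocs/wordpress/wp-includes/feed-rss2.php</b> on line <b>12</b><br />
<div id="error"><p class="wpdberror"><strong>WordPress database error:</strong>
[Table 'blogdb.blog2007_posts' doesn't exist]</p></div>
"""

# Absolute path up to, but not including, one of the WordPress directories.
PATH_RE = re.compile(r"(/[^\s<>\"']+?)/wp-(?:includes|content|admin)/")

# Prefix of a core table name: "wp_" by default, something else if the
# administrator changed it, which is exactly what an attacker wants to learn.
TABLE_RE = re.compile(
    r"\b([A-Za-z0-9_]+?_)(?:posts|postmeta|options|users|usermeta|comments|terms)\b"
)


def extract_leaks(body: str):
    """Return (install_path, table_prefix); either is None when not present."""
    path_match = PATH_RE.search(body)
    table_match = TABLE_RE.search(body)
    return (
        path_match.group(1) if path_match else None,
        table_match.group(1) if table_match else None,
    )


if __name__ == "__main__":
    install_path, prefix = extract_leaks(SAMPLE_RESPONSE)
    print("install path :", install_path)
    print("table prefix :", prefix)
```

Run against a real response, the same two regexes serve as a quick check of whether a feed or error page is leaking more than it should; a feed that returns only well-formed RSS yields `(None, None)`.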


WordPress BlogWatch Updated

BlogSecurity’s WordPress BlogWatch gives you a central location to check out the latest WordPress Vulnerabilities.

BlogWatch has been updated with some old and new vulnerabilities including the new wp-pass.php redirect vulnerability.
Please check BlogWatch for the updated WordPress vulnerability information.
If you see a vulnerability that we have not listed, please let us know via our Contact Form, [...]


wp-pass Redirect Vulnerability

Nick Coblentz informed us of a WordPress redirect vulnerability he found in wp-pass.php, which may also affect other areas of the application.
Proof of concept

http://vulnerable.blog/wordpress/wp-pass.php?_wp_http_referer=http://www.evilsite.com

It's interesting in that a similar type of vulnerability was recently used to compromise the new Harry Potter book. This vulnerability allows an attacker to redirect a user to [...]
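Both the ‘redirect_to’ advisory earlier on this page and the wp-pass.php ‘_wp_http_referer’ proof of concept come down to the same defect: a user-supplied URL is used as a redirect target without checking that it stays on the blog's own host. The following Python is an added example, not code from WordPress or from either advisory. It shows the kind of naive "starts with a slash or mentions our host" test that leaves the hole open, beside a check that parses the target and rejects off-site, scheme-relative, userinfo-smuggled and non-HTTP targets. The host name vulnerable.blog is taken from the proof-of-concept URL; the fallback landing path is an assumption.

```python
from urllib.parse import urlsplit

# Host the blog may redirect to (assumed; taken from the PoC URL on this page).
ALLOWED_HOSTS = {"vulnerable.blog"}
FALLBACK = "/wordpress/wp-admin/"   # hypothetical safe landing page


def naive_is_local(target: str) -> bool:
    """The sort of check that leaves an open redirect in place.

    "Starts with /" is satisfied by the scheme-relative "//www.evilsite.com",
    and "our host appears in the string" is satisfied by
    "http://vulnerable.blog@www.evilsite.com/", where our host is the userinfo.
    """
    return target.startswith("/") or "vulnerable.blog" in target


def safe_redirect(target: str, fallback: str = FALLBACK) -> str:
    """Return `target` only if it cannot leave an allowed host, else `fallback`."""
    if not target:
        return fallback
    # Browsers accept backslashes in place of slashes before the authority,
    # so "\\evil" behaves like "//evil". Normalise before parsing.
    candidate = target.replace("\\", "/")
    parts = urlsplit(candidate)
    # Only plain web navigations: javascript:, data: and the like are rejected.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return fallback
    if parts.netloc:
        # .hostname drops userinfo and port and lower-cases the host, so an
        # authority of "vulnerable.blog@www.evilsite.com" compares as evilsite.
        if (parts.hostname or "") not in ALLOWED_HOSTS:
            return fallback
        return candidate
    # No authority: accept only a path-absolute target. "//host" and "///host"
    # leave urlsplit with an empty netloc yet are scheme-relative to browsers.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    return candidate


if __name__ == "__main__":
    for t in ("/wordpress/wp-admin/", "http://www.evilsite.com",
              "//www.evilsite.com", "http://vulnerable.blog@www.evilsite.com/"):
        print(f"{t!r:45} naive={naive_is_local(t)!s:5} -> {safe_redirect(t)}")
```

The same function applies whether the parameter is called redirect_to or _wp_http_referer; the point is that the check is made on the parsed host, not on the raw string, and that anything which fails the check lands on a fixed local page rather than being passed through.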


Blogging – are you helping the bad guys?

BlogSecurity introduces an article by Sarah Turner:
Sarah Turner holds a BA (Hons) in Business Studies and currently works as a Marketing Manager; she has specialised in the IT security sector for almost two years.

Blogging can be a great way for individuals to express their thoughts and feelings or offer advice or share ideas on various [...]