News

WordPress Cross Domain Redirect

Adrian Pastor sent us the following advisory, titled "WordPress Cross Domain Redirect". The vulnerability has been around for some time; however, Adrian really demonstrates how this feature can be used in a malicious way.
== Description ==
The login redirect feature of WordPress can be abused for phishing
purposes.
The parameter ‘redirect_to’ usually contains the relative URL to where
the [...]


WordPress Path Disclosure Vulnerability

XSSNews released a Path Disclosure Vulnerability affecting current releases of WordPress.
The proof of concept URL is as follows:

http://bld/wordpress/?feed=rss2&p=-1

This is a fairly low-risk vulnerability in that it only leaks the WordPress path. What makes it useful, however, is that an attacker can use it to learn the WordPress database prefix, which, if unknown, [...]


WordPress BlogWatch Updated

BlogSecurity’s WordPress BlogWatch gives you a central location to check out the latest WordPress vulnerabilities.

BlogWatch has been updated with some old and new vulnerabilities including the new wp-pass.php redirect vulnerability.
Please check BlogWatch for the updated WordPress vulnerability information.
If you see a vulnerability that we have not listed, please let us know via our Contact Form, [...]


wp-pass Redirect Vulnerability

Nick Coblentz informed us of a WordPress redirect vulnerability he found in wp-pass.php, which may also affect other areas of the application.
Proof of concept:

http://vulnerable.blog/wordpress/wp-pass.php?_wp_http_referer=http://www.evilsite.com

It's interesting in that a similar type of vulnerability was recently used to compromise the new Harry Potter book. This vulnerability allows an attacker to redirect a user to [...]


wp-scanner review

Geof from gfmorris.wordpress.com gave wp-scanner such an awesome review that I just had to mention it, because he sheds light on exactly what wp-scanner is all about. I promise we didn’t pay him.
These are his words:

I’ve found BlogSecurity’s WordPress Scanner to be invaluable for me; I’ve recently brought a bunch of installs up to current, [...]