Comments on: WordPress Cross Domain Redirect

By: Abel Cheung

Abel Cheung — Wed, 18 Jul 2007 18:00:10 +0000

Sadly fixing this kind of hole would also likely hinder other legitimate use. For example, OpenID project depends largely on cross-domain redirection.

By: Кросс-доменная уязвимость в WordPress » Russian Hosting Blog или хостинг по-русски

Fri, 13 Jul 2007 12:32:28 +0000

[...] Оригинал (на англ.) Если Вам понравилась эта статья, подпишитесь на мой RSS-фид [...]

By: Adrian Pastor

Adrian Pastor — Thu, 12 Jul 2007 13:30:16 +0000

Thanks Dave!

Another example would be to redirect the victim to a website that exploits the latest vulnerabilities on IE/FF in order to install malware.

I personally think that cross-domain redirects can be very handy for attackers, especially when the domain that has the redirect feature belongs to a trusted brand name.

By: Del.icio.us bookmarks: Juli 11th | Bloganbieter.de Blog

Del.icio.us bookmarks: Juli 11th | Bloganbieter.de Blog — Thu, 12 Jul 2007 12:38:58 +0000

[...] BlogSecurity » WordPress Cross Domain Redirect – [...]

By: David Kierznowski

David Kierznowski — Thu, 12 Jul 2007 09:40:15 +0000

Adrian, I think this is a nice proof of concept advisory for most redirect vulnerabilities, nicely done.