Comments on: 2 vanilla XSS on Wordpress ‘wp-register.php’ http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp Always something worth reading... Fri, 12 Mar 2010 11:09:45 +0000 http://wordpress.org/?v= hourly 1 By: MustLive http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-4070 MustLive Sun, 28 Oct 2007 15:29:36 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-4070 David, as I just found, you have restrictions in your comments. You are fun guy with fun site. When posting a comment I found that you have some limits with comment's text. It's possible or some bug in engine or some incorrect settings - because it's unserious settings, I can't post even a small message :-). You need to fix it. And take care about your site and its comments, so every part of site will work correctly. About my holes in WP. Besides a lot of holes in WP plugins, I also have some holes in WordPress (in main WP bundle). Some holes concerning old WP versions (and possible new) with some requirements, and one hole concern possible all version of WP (including last). With this hole it's possible to hack every WP site (it's mega hole). This vuln is tricky to use, but can hack possibly all WP sites (it has some requirements, but they can be achieved and even improved with using some previous holes). With this complex attack every site on WP is in danger. Using WordPress is like a sitting on mine. So take care of your sites. The disclosure will in future. After November, which will the very hot month. David, as I just found, you have restrictions in your comments. You are fun guy with fun site. When posting a comment I found that you have some limits with comment’s text. It’s possible or some bug in engine or some incorrect settings – because it’s unserious settings, I can’t post even a small message :-). You need to fix it. And take care about your site and its comments, so every part of site will work correctly.

About my holes in WP. Besides a lot of holes in WP plugins, I also have some holes in WordPress (in main WP bundle). Some holes concerning old WP versions (and possible new) with some requirements, and one hole concern possible all version of WP (including last). With this hole it’s possible to hack every WP site (it’s mega hole). This vuln is tricky to use, but can hack possibly all WP sites (it has some requirements, but they can be achieved and even improved with using some previous holes). With this complex attack every site on WP is in danger. Using WordPress is like a sitting on mine. So take care of your sites. The disclosure will in future. After November, which will the very hot month.

]]> By: Philipp http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1553 Philipp Thu, 04 Oct 2007 21:08:27 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1553 @MustLive, thanks for letting us know. But one major Problem of the Internet is, that there's no central place for Disclosures or anything else. Many people try to get into some spotlight with their Service... And please forgive us that we can't check all Disclosure Websites for already published disclosures. Especially none out of our language knowledge, And as we didn't found anything on Wordpress we supposed that flaw to be unknown, or silently fixed. We're planning to do something like a Month of Wordpress Bugs(although for Plugins), so If you like we could do some joint venture. @MustLive, thanks for letting us know. But one major Problem of the Internet is, that there’s no central place for Disclosures or anything else. Many people try to get into some spotlight with their Service…
And please forgive us that we can’t check all Disclosure Websites for already published disclosures. Especially none out of our language knowledge, And as we didn’t found anything on Wordpress we supposed that flaw to be unknown, or silently fixed.
We’re planning to do something like a Month of Wordpress Bugs(although for Plugins), so If you like we could do some joint venture.

]]> By: David Kierznowski http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1552 David Kierznowski Thu, 04 Oct 2007 21:04:00 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1552 MustLive, thanks for letting us know. If you want to do joint-releases with BlogSecurity regarding any of your future findings let us know man. Nice work. MustLive, thanks for letting us know. If you want to do joint-releases with BlogSecurity regarding any of your future findings let us know man. Nice work.

]]> By: MustLive http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1550 MustLive Thu, 04 Oct 2007 20:50:23 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1550 Guys. From those holes that I found in WordPress, there is also one such XSS holes, besides these XSS holes in wp-register.php, which I found in WordPress MultiUser (and it's similar hole). It may be interesting for you. As I wrote at my site http://websecurity.com.ua/1269/ - the hole (which I found at 06.11.2006) is in WordPress MultiUser 1.0 (and below). XSS is in wp-newblog.php script in Username field. And as I tested in WP MU 1.1.1 this hole was fixed. About these holes in WP and WP MU I didn't inform WP developers (just disclosed at my site), because had not time for that and the holes was already fixed at time when I posted about them. But I planning to write about these holes to developers (to make them aware about a lot holes in their software - like I regularly inform them about holes in WP). P.S. There are some interesting holes in WP, which I found in June 2007 (and holes in some WP plugins which I found in 2006) which I planned to disclose in near future. And I'll inform developers. Just wait until time will come. Take care about your WP sites. Guys.

From those holes that I found in WordPress, there is also one such XSS holes, besides these XSS holes in wp-register.php, which I found in WordPress MultiUser (and it’s similar hole). It may be interesting for you.

As I wrote at my site http://websecurity.com.ua/1269/ – the hole (which I found at 06.11.2006) is in WordPress MultiUser 1.0 (and below). XSS is in wp-newblog.php script in Username field. And as I tested in WP MU 1.1.1 this hole was fixed.

About these holes in WP and WP MU I didn’t inform WP developers (just disclosed at my site), because had not time for that and the holes was already fixed at time when I posted about them. But I planning to write about these holes to developers (to make them aware about a lot holes in their software – like I regularly inform them about holes in WP).

P.S.

There are some interesting holes in WP, which I found in June 2007 (and holes in some WP plugins which I found in 2006) which I planned to disclose in near future. And I’ll inform developers. Just wait until time will come. Take care about your WP sites.

]]> By: BlogSecurity » WordPress BlogWatch http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1301 BlogSecurity » WordPress BlogWatch Tue, 25 Sep 2007 17:25:27 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1301 [...] wp_register XSS through user_email parameter (more) [...] [...] wp_register XSS through user_email parameter (more) [...]

]]> By: Adrian Pastor http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1255 Adrian Pastor Sun, 23 Sep 2007 17:39:48 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1255 Daniel, Although WP is a great product functionality wise, security is <i>not</i> a priority for the developers of the project (IMO). Daniel,

Although WP is a great product functionality wise, security is not a priority for the developers of the project (IMO).

]]> By: Daniel http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1251 Daniel Sun, 23 Sep 2007 12:44:13 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1251 It's disgusting that this kind of vulnerability even existed in the first place. Is it me or do WP developers just not give a shit about security? It’s disgusting that this kind of vulnerability even existed in the first place.

Is it me or do WP developers just not give a shit about security?

]]> By: David Kierznowski http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1220 David Kierznowski Sat, 22 Sep 2007 02:05:05 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1220 No worries, late night brain power :) No worries, late night brain power :)

]]> By: Adrian Pastor http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1217 Adrian Pastor Fri, 21 Sep 2007 23:14:00 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1217 David, Just wanted to make sure you typed what you meant. I know it's late on a Friday, so it's easy to make typos :-D David,

Just wanted to make sure you typed what you meant. I know it’s late on a Friday, so it’s easy to make typos :-D

]]> By: Adrian Pastor http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/comment-page-1#comment-1216 Adrian Pastor Fri, 21 Sep 2007 23:12:30 +0000 http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp/#comment-1216 FYI, just tested it on 1.5.1.1 and it IS vulnerable as well. FYI,

just tested it on 1.5.1.1 and it IS vulnerable as well.

]]>