Comments on: XSS vulnerabilities fixed in Wordpress 2.0.3

By: Light Blue Touchpaper » Oracle attack on Wordpress

Light Blue Touchpaper » Oracle attack on Wordpress — Thu, 22 Jun 2006 13:07:23 +0000

[...] This post describes the second of two vulnerabilities I found in Wordpress. The first, a XSS vulnerability, was described last week. While the vulnerability discussed here is applicable in fewer cases than the previous one, it is an example of a comparatively rare class, oracle attacks, so I think merits further exposition. [...]

By: Light Blue Touchpaper » Anatomy of an XSS exploit

Light Blue Touchpaper » Anatomy of an XSS exploit — Tue, 13 Jun 2006 08:27:23 +0000

[...] Last week I promised to follow up on a few XSS bugs that I found in Wordpress. The vulnerabilities are fixed in Wordpress 2.0.3, even though the release notes do not mention their existence. I think there are a number of useful lessons that can be drawn from them, so in this post I will describe some more details. [...]

By: ha.ckers.org security lab - Archive » XSS, Redirects and SEO

ha.ckers.org security lab - Archive » XSS, Redirects and SEO — Mon, 12 Jun 2006 22:48:13 +0000

[...] As a side note, I was talking with quadzilla from SEO Blackhat (who, btw, is running a SEO blackjact tournament for anyone who is interested) and he gave me another idea regarding XSS detection that I have been thinking about for quite a while. One of the major problems on the internet today is the fact that a ton of websites are running canned software with bugs in it (drupal, PHP-Nuke, Wordpress ,etc…). If you subscribe to some of the webappsec mailing lists you probably can see the sheer volume of new XSS exploits being discovered on a daily basis. It’s fairly trivial to use Google to detect which websites are running the software in particular (by searching by keywords used by that software), and then use the returned lists of sites to launch automated XSS attacks, to improve pagerank. Pretty scary, and pretty easy. [...]