GoFuckYourself.com - Adult Webmaster Forum - View Single Post - Wordpress 2.2.1 extremely vulnerabe to XSS

StarkReality · 08-02-2007, 05:50 AM

If you are running wordpress 2.2.1, everybody could inject links, post, delete stuff, this exploit basically gives full admin rights !

http://mybeni.rootzilla.de/mybeNi/20...rst_blog_worm/

Pay attention to "7.", that's what you have to worry about, the attack needs no authentication at all and your blog can be hijacked in a minute.

08-02-2007, 05:50 AM
StarkReality Confirmed User Join Date: May 2004 Location: 4 8 15 16 23 42 Posts: 4,444	Wordpress 2.2.1 extremely vulnerabe to XSS - Warning If you are running wordpress 2.2.1, everybody could inject links, post, delete stuff, this exploit basically gives full admin rights ! http://mybeni.rootzilla.de/mybeNi/20...rst_blog_worm/ Pay attention to "7.", that's what you have to worry about, the attack needs no authentication at all and your blog can be hijacked in a minute.