The Hacker News Reader! Get Free THN MAGAZINE, Most Informative IT Security Magazine [ Download Here ]

Subscribe to Security Updates !!

Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3

Categories: , , ,
Posted by THN Reporter On 1/03/2012 12:04:00 PM

Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3

Two Indian Security Experts : Aditya Modha & Samir Shah from from Net-Square Solutions reveals Zero Day Reflected Cross Site Scripting vulnerability in latest version of wordpress 3.3 !

Vulnerability exploit the comment feature of Wordpress Blog. Following two Steps mentioned in Exploit.

Step 1: Post a comment to the target website.
Step 2: Replace the value of author tag, email tag, comment tag with the exact value of what has been post in the last comment. Change the value of comment_post_ID to the value of post (which can be known by opening that post and checking the value of p parameter in the url). For example the if the url is http://192.168.1.102/wordpress/?p=6 then the value of comment_post_ID is 6.

Get Complete Exploit Here

Let us know what you think, learn, and hope for! Connect With us on Google+ , Twitter and Facebook.

Share This news with your friends on Facebook/Twitter/Forums


If you enjoyed The Hacker News, Make sure you subscribe to our RSS feed. Stay Updated about latest Security threats, Hacking threads & IT Issues from all over the world.!
The content of This News Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3 and Other Information is provided by Various Sources (Emails, Messages, etc..) for Educational Purpose & Security Awareness only. Please Feel free to Contact Us. Thank You !

Loading
Twitter Delicious Facebook Digg Stumbleupon Favorites More