Zero-Day Reflected Cross-Site Scripting Vulnerability in WordPress 3.3

Two Indian security experts, Aditya Modha and Samir Shah from Net-Square Solutions, have revealed a zero-day reflected cross-site scripting vulnerability in the latest version of WordPress, 3.3.

The vulnerability exploits the comment feature of a WordPress blog. The exploit describes the following two steps.

Step 1: Post a comment to the target website.
Step 2: Replace the value of the author tag, email tag, and comment tag with the exact value of what was posted in the last comment. Change the value of comment_post_ID to the value of the post (which can be found by opening that post and checking the value of the p parameter in the URL). For example, if the URL is http://192.168.1.102/wordpress/?p=6, then the value of comment_post_ID is 6.
