oss-sec mailing list archives
Re: CVE requset: WordPress XSS vulnerability in RSS Feed Generator
From: Steffen Joeris <steffen.joeris () skolelinux de>
Date: Sat, 29 Nov 2008 00:48:47 +0100
Hi Jeremias On Fri, 28 Nov 2008 11:31:05 pm Jeremias Reith wrote:
On Nov 28, 2008, at 22:39 , Steffen Joeris wrote:Hia XSS vulnerability has been discovered in WordPress. Vendor info: http://wordpress.org/development/2008/11/wordpress-265/ Detailed information: http://www.securityfocus.com/archive/1/498652 (Note: It should be "prior to 2.6.5" in the summary)I might be off here, but doesn't the patch[0] create another XSS by removing wp_specialchars? Cheers Steffen [0]: http://trac.wordpress.org/changeset?old_path=tags%2F2.6.3&old=&new_path=t ags%2F2.6.5&new=Looks fine to me. You probably missed that the added clean_url() is applied on the entire URL instead of wp_specialchars() to REQUSET_URI.
Yeah you're right and it appears that clean_url takes care of all the bad characters. However, I am still wondering why upstream doesn't use htmlspecialchars(). :) Cheers Steffen
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE requset: WordPress XSS vulnerability in RSS Feed Generator Jeremias Reith (Nov 26)
- Re: CVE requset: WordPress XSS vulnerability in RSS Feed Generator Steven M. Christey (Nov 28)
- Re: CVE requset: WordPress XSS vulnerability in RSS Feed Generator Steffen Joeris (Nov 28)
- Re: CVE requset: WordPress XSS vulnerability in RSS Feed Generator Jeremias Reith (Nov 28)
- Re: CVE requset: WordPress XSS vulnerability in RSS Feed Generator Steffen Joeris (Nov 28)
- Re: CVE requset: WordPress XSS vulnerability in RSS Feed Generator Jeremias Reith (Nov 28)
- Re: CVE requset: WordPress XSS vulnerability in RSS Feed Generator Steven M. Christey (Nov 28)