Wordpress Template.PHP HTML Injection Vulnerability
BID:21782
Info
Wordpress Template.PHP HTML Injection Vulnerability
| Bugtraq ID: | 21782 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-6808 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 27 2006 12:00AM |
| Updated: | Jan 16 2007 09:40PM |
| Credit: | David Kierznowski is credited with the discovery of this vulnerability. |
| Vulnerable: |
WordPress Wordpress (B2) 0.6.2 .1 WordPress Wordpress (B2) 0.6.2 WordPress WordPress 2.0.5 WordPress WordPress 2.0.4 WordPress WordPress 2.0.3 WordPress WordPress 2.0.2 WordPress WordPress 2.0.1 WordPress WordPress 2.0 WordPress WordPress 1.5.2 WordPress WordPress 1.5.1 .3 WordPress WordPress 1.5.1 .2 WordPress WordPress 1.5.1 WordPress WordPress 1.5 WordPress WordPress 1.2.2 WordPress WordPress 1.2.1 WordPress WordPress 1.2 WordPress WordPress 0.71 WordPress WordPress 0.7 Gentoo Linux |
| Not Vulnerable: |
WordPress WordPress 2.0.6 |
Discussion
Wordpress Template.PHP HTML Injection Vulnerability
Wordpress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to 2.0.6 are vulnerable to this issue.
Wordpress is prone to an HTML-injection scripting vulnerability because the application fails to properly sanitize user-supplied input.
Attacker-supplied HTML and script code would execute in the context of the affected site, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.
Versions prior to 2.0.6 are vulnerable to this issue.
Exploit / POC
Wordpress Template.PHP HTML Injection Vulnerability
An attacker can exploit this issue through a web client.
The following proofs of concept are available:
An attacker can exploit this issue through a web client.
The following proofs of concept are available:
Solution / Fix
Wordpress Template.PHP HTML Injection Vulnerability
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
Solution:
The vendor has released an update to address this issue. Please see the references for more information.
References
Wordpress Template.PHP HTML Injection Vulnerability
References:
References:
- Wordpress Changeset 4665 (Wordpress)
- Wordpress church_admin Plugin "id" Cross-Site Scripting Vulnerability (Sammy Forgit)
- WordPress Persistent XSS (David Kierznowski)
- Wordpress template.php Exploit (David Kierznowski)