Zero Day Reflected Cross Site Scripting vulnerability in wordpress 3.3

Two Indian Security Experts : Aditya Modha & Samir Shah from from Net-Square Solutions reveals Zero Day Reflected Cross Site Scripting vulnerability in latest version of wordpress 3.3 !
Vulnerability exploit the comment feature of WordPress Blog. Following two Steps mentioned in Exploit.

Step 1: Post a comment to the target website.
Step 2: Replace the value of author tag, email tag, comment tag with the exact value of what has been post in the last comment. Change the value of comment_post_ID to the value of post (which can be known by opening that post and checking the value of p parameter in the url). For example the if the url is http://192.168.1.102/wordpress/?p=6 then the value of comment_post_ID is 6.
Get Complete Exploit Here
Advertisements

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s