
Daniel Nylander.se

Ubuntu, Debian, Translation Project, GNU, Linux, UNIX, VoIP, IT security, experiments, well-chosen words and partial presence of mind


Apr '05

WordPress XSS and HTML injection

A vulnerability has been found in WordPress 1.5

WordPress is a popular blogging system built on PHP (the scripting language) and is licensed under the GPL. It is free software supported by a large and vibrant community of users. You can use WordPress as a stand-alone application to publish your web log, or incorporate its functionality into an existing site.

Problem Description:
The bug is in the content and title of a post: the characters entered are not filtered, so HTML code can be injected.

Type in the title or content of a post:


<iframe src=http://othersite/sb.php>
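The injection described above next to an output-side fix, as an added example that is not code from the original post or from WordPress: the function names and the sample post are constructed for illustration, and the payload is the one quoted above. Titles are escaped entirely, while content is escaped first and then only an allowlist of attribute-free tags is restored.

```php
<?php
// Constructed sample post carrying the payload quoted in the advisory text.
$post = [
    'title'   => 'Hello <iframe src=http://othersite/sb.php>',
    'content' => '<p>Some <b>bold</b> text</p><iframe src=http://othersite/sb.php>',
];

// Vulnerable pattern: stored input is written into the page unchanged,
// so the browser parses the iframe as markup.
function render_unsafe(array $post): string
{
    return "<h2>{$post['title']}</h2>\n<div>{$post['content']}</div>\n";
}

// Titles are plain text: encode every HTML metacharacter on output.
function escape_text(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Content may keep a small allowlist of tags without attributes.
// Everything is escaped first, then only exact allowlisted tags are restored,
// so any element with attributes, or any other element, stays inert text.
function filter_content(string $s, array $allowed = ['p', 'b', 'i', 'em', 'strong']): string
{
    $escaped = escape_text($s);
    $names   = implode('|', array_map('preg_quote', $allowed));
    return preg_replace('#&lt;(/?)(' . $names . ')&gt;#i', '<$1$2>', $escaped);
}

function render_safe(array $post): string
{
    return '<h2>' . escape_text($post['title']) . "</h2>\n"
         . '<div>' . filter_content($post['content']) . "</div>\n";
}

// Print both renderings so the difference is visible in the generated HTML.
echo "--- unsafe ---\n", render_unsafe($post);
echo "--- safe ---\n", render_safe($post);
```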

More information and a workaround are available at:
