Posts Tagged “XSS”

Cross Site Scripting is currently read about often. It’s no wonder, as each day new web services appear to catch some of the fame and traffic of Web 2.0. Often they push the product out of the pipe as soon as possible, and security is at that moment just secondary (if they care about it at all). After the release of the product, the motivation to hunt XSS flaws is minimal (I know this myself from bug hunting). And when you send them an email about it, it seems from time to time that they don’t even care when they get notified about some XSS flaw (see http://milw0rm.com for what I mean).

What are XSS flaws

As enough has already been written about XSS flaws, I’ll keep this short. An XSS flaw occurs if a PHP script (or a script in some other language) uses a user submission without further checking, or if the checking is based on client-side verification through JavaScript or similar. The submitted code is then output to the user again, where the JavaScript can read out cookies and send them to an attacker.

Persistent and Non-Persistent XSS


Tags: Cross Site Scripting, Vulnerable code, XSS


As I just read over at heise.de Security (German), a good collection of security news, a Cross Site Scripting (XSS) hole exists in many templates for WordPress. Affected templates include such popular ones as k2 as well as the classic one.

The problem occurs in many templates which use custom 404 error pages. Most of the templates which use error pages don’t check the variable $_SERVER['PHP_SELF'] for HTML special chars. PHP_SELF includes any path the visitor appends after the script name, so it is user-controlled input. Therefore you can perform XSS attacks.
To see if your template is also affected, visit this URL:

http://www.example.com/index.php/"><script>alert(document.cookie)</script>

If you see a JavaScript popup (assuming JavaScript is enabled), your template is affected.
Check searchform.php and sidebar.php for:

action="<?php echo $_SERVER['PHP_SELF']; ?>"

Replace it with:

action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>"

The original Bug report was posted at Bugtraq
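
To audit a whole theme rather than two files, the check described above can be scripted. The following is an added example, not part of the original post or the bug report: a Python scanner that flags PHP output statements emitting $_SERVER['PHP_SELF'] without a direct escaping call. The function names and the sample templates are constructed for illustration.

```python
import re

# Matches $_SERVER['PHP_SELF'] with either quote style and optional spaces.
PHP_SELF = r"\$_SERVER\s*\[\s*['\"]PHP_SELF['\"]\s*\]"
# PHP built-ins plus the WordPress helpers esc_attr()/esc_url(); only direct
# wrapping counts as escaped, anything more indirect is left for manual review.
ESCAPED = re.compile(
    r"\b(?:htmlspecialchars|htmlentities|esc_attr|esc_url)\s*\(\s*" + PHP_SELF, re.I)
# One output statement: "echo ...;", "print ...;" or "<?= ... ?>".
OUTPUT = re.compile(r"(?:<\?=|\becho\b|\bprint\b)(.*?)(?:;|\?>)", re.S | re.I)


def find_unescaped_php_self(source):
    """Return 1-based line numbers of statements that output PHP_SELF raw."""
    hits = []
    for stmt in OUTPUT.finditer(source):
        remaining = ESCAPED.sub("", stmt.group(1))  # drop escaped uses
        if re.search(PHP_SELF, remaining):
            hits.append(source.count("\n", 0, stmt.start()) + 1)
    return hits


def audit(templates):
    """Map file name -> flagged line numbers, for files with findings."""
    report = {}
    for name, source in templates.items():
        lines = find_unescaped_php_self(source)
        if lines:
            report[name] = lines
    return report


# Constructed sample templates (not copied from any real theme).
SAMPLES = {
    "searchform.php": """<form method="get"
      action="<?php echo $_SERVER['PHP_SELF']; ?>">
</form>
""",
    "sidebar.php": """<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>">
</form>
""",
    "404.php": """<p>Not found.</p>
<a href="<?= $_SERVER['PHP_SELF'] ?>">retry</a>
""",
}

if __name__ == "__main__":
    for name, lines in audit(SAMPLES).items():
        print(f"{name}: unescaped PHP_SELF output on line(s) {lines}")
```

A statement that escapes one value but concatenates a raw PHP_SELF next to it is still flagged, because only the directly wrapped occurrence is treated as safe.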

Tags: Template, Theme, Wordpress, XSS
