I found some XSS
http://somesite.com/?tag='"><script>alert(1)</script>
and the same thing works with ?cat= ?m=
and I would like to know how to go about fixing it?
I'm not sure if this is a hole in WP or my theme
OK, but I was not hacked; this is the work of some dumb coder not doing this job.
So I ask again
http://somesite.com/?tag='"><script>alert(1)</script>
I would like to know how to go about fixing it.
but I'm not sure if this is a hole in WP or my Theme?
Is anyone out there running WP 3.0.1 getting this XSS?
never seen it except when hacked
do you have an example link?
Yeah, but I really don't want to post it on here -_-
I also found some more
http://somesite.com/?tag='"><script>alert(1)</script>
http://somesite.com/?cat='"><script>alert(1)</script>
http://somesite.com/?m='"><script>alert(1)</script>
http://somesite.com/?s='"><script>alert(1)</script>
http://somesite.com/?page_id='"><script>alert(1)</script>
http://somesite.com/?author='"><script>alert(1)</script>
So what you're saying is someone hacked me & made it so the XSS works with tag, cat, m, page_id, author
I don't think I was hacked; it's got to be a bad plugin or theme
I'm running Atahualpa theme 3.5.3
that's easily tested
deactivate all plugins and test
switch to twenty ten theme and test
I did it & found out it's Global Translator Version 1.3.2
I need to somehow get hold of the maker
or can you do that?
No, we don't have any special developer contacting powers. You'll have to contact him.
You did the right thing by posting here:
http://wordpress.org/support/topic/xss-attack-found-in-global-translator-132
Yeah, I did not know if Samuel B had some way of getting hold of him faster.
All I do know is the maker of that plugin is not easy to get hold of
& Global Translator is not the kind of plugin I can go without.
If I do, I will piss off Google when all the many translated pages start to not show up if I have the plugin off.
p.s.
Thanks for all of your help everyone ;)
Hi, well good job I guess - hate to see a plugin hack
might try an earlier version to see if it's vulnerable
http://wordpress.org/extend/plugins/global-translator/download/
you can contact author here
http://www.n2h.it/contatti/
I think he would be very interested to know about this
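
The probe used in this thread begins with `'">`, a prefix built to close an HTML attribute before the `<script>` tag. The following is an added example, not code from Global Translator, WordPress, or any poster here: it assumes a hypothetical link builder that copies the query string into an `href`, and shows that pattern beside a hardened version. The function names, the `/en/` path and the allow-list are assumptions for illustration.

```php
<?php
// Added example: hypothetical code, not taken from any plugin or from WordPress.

// Vulnerable pattern: the raw query string is pasted into an href attribute,
// so a quote in the value ends the attribute and the rest is parsed as markup.
function link_unsafe(string $query): string {
    return '<a href="/en/?' . $query . '">English</a>';
}

// Hardened pattern:
//  1. parse the query and keep only the parameters the page expects,
//  2. rebuild it with percent-encoding (http_build_query),
//  3. escape the finished URL for the HTML attribute context.
// Inside WordPress, esc_url() / esc_attr() are the usual helpers for step 3.
function link_safe(string $query): string {
    parse_str($query, $params);
    // Parameter names taken from the URLs listed in the thread.
    $allowed = ['tag', 'cat', 'm', 's', 'page_id', 'author'];
    $clean   = array_intersect_key($params, array_flip($allowed));
    $url     = '/en/?' . http_build_query($clean);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">English</a>';
}

// True when the markup still contains a live <script> tag.
function reflects_script(string $html): bool {
    return stripos($html, '<script') !== false;
}

// The probe value posted in the thread, applied to each reported parameter.
$payload = '\'"><script>alert(1)</script>';
foreach (['tag', 'cat', 'm', 's', 'page_id', 'author'] as $name) {
    $query = $name . '=' . $payload;
    printf(
        "%-8s unsafe reflects: %s | safe reflects: %s\n",
        $name,
        reflects_script(link_unsafe($query)) ? 'yes' : 'no',
        reflects_script(link_safe($query)) ? 'yes' : 'no'
    );
}
```

The same `reflects_script()` check can be pointed at saved page output after each step of the deactivate-and-retest procedure above to confirm which component stops reflecting the value.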
This topic has been closed to new replies.