I am the master, and the commander. lol
But anyways. First off, my introduction.
My name is Anthony White. I’m an independent software engineer from South Carolina, USA. I’m also a former intern for SCEA. I’ve just downloaded WordPress “Strayhorn” v1.5.2, as of yesterday. Since then, I’ve already discovered and fixed an extremely important vulnerability!
I discovered on December 3rd, 2005, an XSS vulnerability located in the classes.php file located in sub-dir 'wp-includes'. The var it affects is $q['s'], used for the Search functionality. The programming does NOT properly remove dangerous ASCII and HEX values that can be used in a malicious manner in the event of an XSS (cross-site scripting) attack.
I have already developed a STABLE fix for this feature. Please, do yourself a favor, users. FIX IT!
[Moderated and code removed so it cannot be used irresponsibly. Anthony – thank you for the information. It has been passed to those that need it – Podz]
- The topic ‘XSS Vulnerability Fix!’ is closed to new replies.