>>>>original advisory<<<<<
http://myimei.com/security/2006-02-15/wordpress200autors-websitexss-attack.html#more-14
>>>>><<<<<>>>>>><<<<<>>>>
——————-Summary—————-
Software: WordPress
Sowtware’s Web Site: http://www.wordpress.org
Versions: 2.0.0
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Available
Discovered by: imei addmimistrator
Risk Level: Low
—————–Description—————
There is some security bug in most poweful and common Blog Software, WordPress 2.0.0 (latest version) that allows attacker performe an XSS attack. bug is in result of poor checking quotations for user suplied variables in author's website for not logged in users.
————–Exploit———————-
Here is an example, but a good scenario can exploit better.
goto a post,comment section
fill all fields correctly, but author's website:
" onfocus="alert(1)" onblur="alert(1)
note to first coutation and loosed qoutation at end {for good exploit}
any user that want to fill author website's field an alert will show;
————–Solution———————
Disable Comments for posts while vendor not provided patch.
————–Credit———————–
Discovered by: imei addmimistrator
addmimistrator(4}gmail(O}com
www.myimei.com
security.myimei.com