In association with heise online

03 August 2007, 12:50

Cross-site scripting vulnerability in Wordpress

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Five new vulnerabilities in the popular Wordpress blogging system are described by German security specialist Benjamin Flesch in his blog. However, four of the vulnerabilities require Wordpress admin privileges to be exploited, which considerably narrows down their scope. These include SQL injection and cross-site scripting vulnerabilities. In addition, Flesch reports a database bug which does not cause security issues, and another previously known vulnerability.

A cross-site scripting hole in the wp-admin/includes/upload.php file is the only bug that poses a higher risk. However, this has already been patched by Wordpress developers, although the patch has so far only been applied to the repositories. Due to insufficient filtering of the style parameter, JavaScript code can be injected and executed on the user’s system within the context of the Wordpress page. For the attack to be successful, however, the victim has to have at least authoring permissions in the blog.

The Wordpress worm publicised by Flesch turns out to be an interactive patch script written in JavaScript that exploits the cross-site scripting vulnerabilities described. Among other things, the script allegedly reads the _wpnonce credential to autonomously patch Wordpress and make other changes. Reports say the Wordpress worm is not yet fully developed, however, which is why users are still discouraged from executing this "helpful worm".

A Web 2.0 worm written in JavaScript completely crashed MySpace in late 2005 by embedding itself in generated invitations. When viewed by the invited person, the script re-executed itself to invite more friends. This MySpace worm was also spread via a cross-site scripting hole.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit