[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Full-disclosure] Advisory - Redirection Vulnerability in wp-login.php.

To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] Advisory - Redirection Vulnerability in wp-login.php.
From: Metaeye SG <contact@xxxxxxxxxxx>
Date: Tue, 20 Mar 2007 20:29:15 +0530

Vendor
------
Wordpress (http://www.wordpress.org).

Severity
--------
Moderate.

Dated
-----
03 March 2007.

Versions Affected
-----------------
All.

Issue
-----

The wp-login.php page redirects a user to arbitrary page after
successful login by setting the redirect_to url parameter.

For example if a user logins successfully with his credentials
on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

He will be redirected to www.google.co.in.

Impact
------

This can lead to credentials stealing. Also cookie stealing
is possible coupled with some browser bugs.

Vendor Status
-------------
Reported on 03 March 2007. Fix will be made available in next version.

--
MSG // http://www.metaeye.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Prev by Date: Re: [Full-disclosure] CISCO Phone 7940 DOS vulnerability
Next by Date: Re: [Full-disclosure] dkftpbench 0.45 (Platoon:init) Local buffer overflow vulnerability
Previous by thread: [Full-disclosure] Phishing site
Next by thread: [Full-disclosure] Mercur SP4 IMAPD
Index(es):
- Date
- Thread