Beware of Cross-Site Scripting on all WordPress versions

A cross-site scripting (XSS) vulnerability has recently been disclosed for the newest version of WordPress, 4.2 (it also works in all earlier versions), and can be exploited by a malicious user to run arbitrary code on the server.

The security flaw is still unpatched by the official distributor of the software, and the PoC has already been released freely online.

iGuRu.gr, as you know, uses WordPress. However, if you try cross-site scripting on our site you will be disappointed, as our technical service corrected the error three hours after its announcement.

An attacker exploiting the defect could take control of the target site by creating new administrator accounts. In addition to the current version, WordPress 4.2, versions 4.1.2, 4.1.1, and 3.9.3 are also affected.

The vulnerability was discovered by Jouko Pynnönen of the Finnish research firm Klikki Oy and is similar to the one patched in WordPress 4.1.2, which was reported to the software's developers by researcher Cedric Van Bockhaven about 14 months ago, on February 23, 2014.

Pynnönen's method targets WordPress comments, specifically how a large comment text (larger than 64KB) is cut off when the comment is stored in the site's database.

Comments that are larger than 64KB are truncated by MySQL. Truncating the message leaves malformed HTML on the page, which an attacker can exploit to add attributes to the supported HTML tags and submit malicious JavaScript code.
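The mismatch described above, modelled in Python as an added example (this is not WordPress code and not the researcher's PoC): the text that passes validation is not the text that ends up stored. The 65535-byte limit used for the page's "64KB", the function names and the sample comments are assumptions made for illustration.

```python
# Added example: why "validate, then let the database truncate" is unsafe,
# plus a pre-storage guard and a simple audit of already stored comments.

TEXT_LIMIT = 65535  # bytes; assumed column limit behind the page's "64KB"


def store_like_mysql(comment: str, limit: int = TEXT_LIMIT) -> str:
    """Model of non-strict storage: silently keep only the first `limit` bytes."""
    return comment.encode("utf-8")[:limit].decode("utf-8", errors="ignore")


def has_unterminated_tag(html: str) -> bool:
    """Heuristic: the text ends inside a tag (a '<' with no '>' after it)."""
    last_open = html.rfind("<")
    return last_open != -1 and html.find(">", last_open) == -1


def accept_comment(comment: str, limit: int = TEXT_LIMIT) -> bool:
    """Guard to run before storing: reject anything the column would cut."""
    return len(comment.encode("utf-8")) <= limit


def audit_stored(rows, limit: int = TEXT_LIMIT):
    """Return ids of stored comments at the size limit or ending inside a tag."""
    flagged = []
    for comment_id, content in rows:
        at_limit = len(content.encode("utf-8")) >= limit
        if at_limit or has_unterminated_tag(content):
            flagged.append(comment_id)
    return flagged


# Constructed sample input: well-formed comments using an allowed tag.
OVERSIZED = '<a title="' + "A" * 70000 + '">link</a>'
NORMAL = 'Nice post, <a title="ref">see this</a>.'


def demo():
    stored = store_like_mysql(OVERSIZED)
    return {
        "validated_ok": not has_unterminated_tag(OVERSIZED),  # passes as submitted
        "stored_broken": has_unterminated_tag(stored),        # cut inside the tag
        "guard_rejects": not accept_comment(OVERSIZED),       # mitigation
        "audit": audit_stored([(1, NORMAL), (2, stored)]),    # detection
    }


if __name__ == "__main__":
    print(demo())
```

Rejecting over-length input before it reaches the database removes the gap between what was validated and what is stored; the audit function only helps find comments that were already truncated.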

Using the vulnerability, Pynnönen managed to trigger an exploit on the targeted website when the administrator tried to approve the comment. The researcher tested the vulnerability on MySQL versions 1.5.53 and 5.5.41.

Until the WordPress patch is released, webmasters running WordPress are advised not to approve any comments.

More technical details are available on the Klikki Oy website.


Written by giorgos
