Sla.ckers.org
Q and A for any cross site scripting information. Feel free to ask away. 
Re: ha.ckers.org XSSed...
Posted by: rsnake
Date: March 15, 2007 12:20PM

What's the exploit?

- RSnake
Gotta love it. http://ha.ckers.org

Re: ha.ckers.org XSSed...
Posted by: WhiteAcid
Date: March 15, 2007 12:25PM

@rsnake:
index.php/>"><ScRiPt>alert(1636757329)</ScRiPt>

@xknown:
You got the above line to work on the latest WP?

Don't forget our IRC: irc://irc.irchighway.net/#slackers
-WhiteAcid - your friendly, very lazy, web developer

Re: ha.ckers.org XSSed...
Posted by: xknown
Date: March 15, 2007 01:29PM

@WhiteAcid:
It depends on the permalink structure of the WP installation; for example, every blog that has no "nice urls" is affected by this bug (posts pagination).

But there's another vector that affects all versions of WP (including the trunk) and allows bypassing WP's CSRF protection. The "exploit" I talked about in my last comment is (it uses the default template as an example):
http://www.buayacorp.com/files/wordpress/wordpress-theme-exploit.txt

The "exploit" abuses this vulnerable code from vars.php:

if (preg_match('#([^/]+.php)#', $PHP_SELF, $self_matches)) {
$pagenow = $self_matches[1];
}



Edited 2 time(s). Last edit at 03/15/2007 01:36PM by xknown.
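
Added example, not part of xknown's post and not WordPress code: `$_SERVER['PHP_SELF']` is the script name plus any path info the client appended, so both a value parsed out of it and a link built from it need care. The request values, the helper names and the stricter `SCRIPT_NAME` variant are assumptions made for illustration.

```php
<?php
// Added example: helper names and sample requests are constructed, not WordPress code.

// Pattern as quoted in the thread: unanchored, '.' matches any character,
// and [^/]+ accepts any bytes other than a slash.
function pagenow_from_php_self(string $phpSelf): ?string {
    return preg_match('#([^/]+.php)#', $phpSelf, $m) ? $m[1] : null;
}

// Stricter variant (assumption): read SCRIPT_NAME, which carries no PATH_INFO,
// and accept only a plain "<name>.php" basename.
function pagenow_from_script_name(string $scriptName): ?string {
    $base = basename($scriptName);
    return preg_match('#\A[A-Za-z0-9_-]+\.php\z#', $base) ? $base : null;
}

// Escape at the point of output into an HTML attribute.
function attr(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed requests as [SCRIPT_NAME, PATH_INFO]; PHP_SELF is their concatenation.
$requests = [
    ['/blog/index.php', ''],
    ['/blog/index.php', '/"><em>injected</em>'],
    ['/blog/wp-admin/post.php', '/extra/segment.php'],
];

foreach ($requests as [$scriptName, $pathInfo]) {
    $phpSelf = $scriptName . $pathInfo;
    echo 'PHP_SELF     : ' . $phpSelf . "\n";
    echo 'thread regex : ' . var_export(pagenow_from_php_self($phpSelf), true) . "\n";
    echo 'strict       : ' . var_export(pagenow_from_script_name($scriptName), true) . "\n";
    // Raw reflection: the quote in the path info closes the href attribute.
    echo 'raw link     : <a href="' . $phpSelf . '?paged=2">next</a>' . "\n";
    // Escaped reflection: the same bytes stay inside the attribute value.
    echo 'escaped link : <a href="' . attr($phpSelf) . '?paged=2">next</a>' . "\n\n";
}
```

For the second request the raw link's `href` ends at the injected quote, while the escaped link keeps the whole path inside the attribute.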

Re: ha.ckers.org XSSed...
Posted by: nn
Date: March 20, 2007 02:57PM

Hi,

I reported this issue already on 31.11.2006 to security@wordpress.org. Wordpress does not respond to this ...

Re: ha.ckers.org XSSed...
Posted by: nn
Date: March 20, 2007 03:07PM

There is another XSS in all wordpress versions:

/wp-admin/page-new.php?saved="><script>alert(123)</script>

Re: ha.ckers.org XSSed...
Posted by: jungsonn
Date: March 20, 2007 03:14PM

Yeah at the admin side, I did not run a scan there since I thought one must have the proper user credentials.

Re: ha.ckers.org XSSed...
Posted by: rsnake
Date: March 20, 2007 03:53PM

Hmm... it looks HTML encoded to me... should it pop up immediately or is there some other circumstance where that is used?

- RSnake
Gotta love it. http://ha.ckers.org

Re: ha.ckers.org XSSed...
Posted by: nn
Date: March 21, 2007 05:55AM

Yes, the alert should pop up immediately.

Re: ha.ckers.org XSSed...
Posted by: Anonymous User
Date: March 21, 2007 07:47AM

Two more from WordPress:

http://www.securityfocus.com/bid/22534/
http://www.securityfocus.com/bid/22735/

Re: ha.ckers.org XSSed...
Posted by: rsnake
Date: March 21, 2007 09:18PM

Whew! I've been diverging the code more and more and both of those I had found and fixed. Dodged a few bullets there!

- RSnake
Gotta love it. http://ha.ckers.org

Re: ha.ckers.org XSSed...
Date: March 24, 2007 11:52PM

This isn't XSS and possibly dumb but can make any page on the forum have an unprofessional feel.
(page is over 10 screens wide)

ThisCanBePreventedWithOverflow-x:hidden;inCSSifYouDontCareAboutValidation.

Edit: Oops, I thought this thread was for sla.ckers.org. Sorry.



Edited 6 time(s). Last edit at 03/25/2007 12:36AM by digitalIllusionism.

Re: ha.ckers.org XSSed...
Posted by: rsnake
Date: March 25, 2007 08:31PM

That's actually by design so that you can put code on the page without putting linebreaks into it. I'm not too worried about keeping it professional looking. That's not really the point of the forums. :) But yes, it's kinda annoying looking.

- RSnake
Gotta love it. http://ha.ckers.org

Re: ha.ckers.org XSSed...
Date: March 26, 2007 12:01AM

lol

Re: ha.ckers.org XSSed...
Posted by: jungsonn
Date: March 26, 2007 12:44AM

Yeh it is, as a developer it's really annoying when people mess up your layout like this. A solution I used many times is to break the string off after a certain word length, but this is obviously one word. So another approach was to count the chars and insert a linebreak after the amount of chars allowed on a line.

In the end I got a better solution by just writing a
<div style="width:500px">content</div>

and solving the issue.

:)

Re: ha.ckers.org XSSed...
Posted by: hackathology
Date: March 26, 2007 12:56AM

That's a nice one jungsonn

http://hackathology.blogspot.com

Re: ha.ckers.org XSSed...
Date: March 26, 2007 01:25AM

I occasionally run into stretching problems on my own site even with a fixed width when a string of text contains an HTML entity for a character where the word should begin to wrap. Then it seems I have no choice but to use a line break.


Awesome AnDrEw - That's The Sound Of Your Brain Crackin'
http://www.awesomeandrew.net/

Re: ha.ckers.org XSSed...
Posted by: rsnake
Date: March 26, 2007 11:23AM

I guess I could always throw everything into a textarea... but I think that would be way more annoying than the mild annoyance of having a horizontal scrollbar in the rare case where there is a string that long. I've seen this happen before with ultra long strings used in code, but I'd rather keep it one line so it's easy to cut and paste.

- RSnake
Gotta love it. http://ha.ckers.org

Re: ha.ckers.org XSSed...
Posted by: hasse
Date: March 26, 2007 12:20PM

Well at least the other posts aren't expanded to the right too, like in many other forums.

EDIT: Right!



Edited 1 time(s). Last edit at 03/27/2007 06:25AM by hasse.

Re: ha.ckers.org XSSed...
Posted by: trev
Date: March 26, 2007 05:59PM

RSnake: You have also overflow:auto as an option - then you will only have a horizontal scrollbar on the message and not on the whole page. Not sure whether this is less annoying though.

Re: ha.ckers.org XSSed...
Posted by: hackathology
Date: March 27, 2007 12:42AM

trev, I don't think that is annoying. I dunno if it is the same to others.

http://hackathology.blogspot.com

Re: ha.ckers.org XSSed...
Posted by: rsnake
Date: March 29, 2007 09:17PM

I'm leaving it as is. It just doesn't seem worth it to mess with, when it doesn't really impact the look, feel or usability of the site or any messages above or below it for that matter. Personally I hate scrollbars within frames (makes me take my hand off the keyboard), so I'm going to veto it for now unless something else arises that makes it more obnoxious.

- RSnake
Gotta love it. http://ha.ckers.org
