Wordpress All versions XSS

Advisory by Jose Carlos Norte

WordPress is vulnerable to XSS attacks when the template uses custom 404 pages.

The problem (sidebar.php):

If the WordPress template uses a custom 404 page, like:

Error 404 - Not Found

$_SERVER['PHP_SELF'] can contain special characters that break out of the HTML and perform XSS attacks. Example:

If no custom 404 page is set by the WordPress theme, this attack is not possible.
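The mitigation for this class of bug is to encode the value for the HTML context before printing it. The following is an added example, not code from the advisory or from WordPress: it assumes the template writes $_SERVER['PHP_SELF'] into a form action attribute, and the function names and sample paths are constructed for illustration.

```php
<?php
// Added example; not code from the advisory or from any WordPress theme.
// sidebar_form_raw() / sidebar_form_escaped() are hypothetical stand-ins
// for sidebar.php markup that prints the request path.

// Before: PHP_SELF is written into the attribute as-is, so a quote or
// angle bracket in the value ends the attribute and the tag.
function sidebar_form_raw(string $phpSelf): string
{
    return '<form method="get" action="' . $phpSelf . '">';
}

// After: encode for the HTML attribute context. ENT_QUOTES covers both
// quote styles; ENT_SUBSTITUTE replaces invalid UTF-8 sequences instead
// of returning an empty string.
function sidebar_form_escaped(string $phpSelf): string
{
    $safe = htmlspecialchars($phpSelf, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form method="get" action="' . $safe . '">';
}

// Counts opening tags in a fragment; the template intends exactly one.
function count_open_tags(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z]/', $html);
}

// Constructed sample values: a normal path, and one carrying a harmless
// <i> marker after a double quote (the special characters the advisory
// says PHP_SELF can contain).
$samples = [
    '/index.php',
    '/index.php/missing"><i>marker</i>',
];

foreach ($samples as $path) {
    $raw = sidebar_form_raw($path);
    $escaped = sidebar_form_escaped($path);
    printf("path:    %s\n", $path);
    printf("raw:     %s (tags: %d)\n", $raw, count_open_tags($raw));
    printf("escaped: %s (tags: %d)\n\n", $escaped, count_open_tags($escaped));
}
```

Inside a theme, WordPress's own esc_attr() and esc_url() helpers perform this encoding.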
