Since everything here is about forum users' ideas and suggestions, I'm pasting a little file that I got from someone a while back.
Code:
Name : QuickPress persistent XSS in $content and $post_title
Vendor : WordPress 2.9.2
Date : 1.06.2010
Bug : Persistent XSS (logged only)
Tested : Ubuntu 10.4. LTS
Thanks : 4 you.
Details:
QuickPress from WordPress in $post_title and $content has an XSS vulnerability.
When you log in, add this line to your QuickPress:
"><script>alert(1)</script> to the title and as the content of your 'quickpost' and see what happens.
Location: localhost/wordpress/wp-admin/post.php
A second persistent XSS is in /wp-admin/page.php (the same as above).
Try to "><script> $content and $post_title.
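
An added example, not part of the original post and not WordPress source code: a PHP sketch of output encoding for this class of bug, assuming the stored title is echoed into a form field's `value` attribute (which the `">` prefix of the test string suggests). The function names are hypothetical; WordPress's own helper for this context is `esc_attr()`.

```php
<?php
// Added illustration; function names are hypothetical, not WordPress code.

// Constructed sample: the test string quoted in the advisory above.
$stored_title = '"><script>alert(1)</script>';

// Unsafe pattern: the stored value is concatenated into markup as-is,
// so a double quote in the data ends the attribute early.
function render_title_field_unsafe(string $title): string {
    return '<input type="text" name="post_title" value="' . $title . '" />';
}

// Hardened pattern: encode for the HTML attribute context at output time.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE replaces invalid UTF-8
// instead of returning an empty string.
function render_title_field_safe(string $title): string {
    $escaped = htmlspecialchars($title, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<input type="text" name="post_title" value="' . $escaped . '" />';
}

// Regression check: parse the rendered markup and confirm the data stayed data.
// True only if there is exactly one <input>, no <script> element, and the
// value attribute decodes back to the original string.
function field_round_trips(string $html, string $expected): bool {
    $doc = new DOMDocument();
    $prev = libxml_use_internal_errors(true);   // tolerate malformed markup
    $doc->loadHTML('<html><body>' . $html . '</body></html>');
    libxml_clear_errors();
    libxml_use_internal_errors($prev);

    $inputs  = $doc->getElementsByTagName('input');
    $scripts = $doc->getElementsByTagName('script');

    return $scripts->length === 0
        && $inputs->length === 1
        && $inputs->item(0)->getAttribute('value') === $expected;
}

$rendered = [
    'unsafe' => render_title_field_unsafe($stored_title),
    'safe'   => render_title_field_safe($stored_title),
];

foreach ($rendered as $label => $html) {
    $ok = field_round_trips($html, $stored_title) ? 'yes' : 'no';
    printf("%-6s round-trips=%s  %s\n", $label, $ok, $html);
}
```

The same check can run as a regression test against any template that prints `$post_title` or `$content`, with the encoding function chosen for the context the value lands in (attribute versus element body).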