Metaeye Security Group » Redirection Vulnerability in wp-login.php

Vendor: Wordpress (http://www.wordpress.org).

Severity: Moderate.

Dated: 03 March 2007.

Versions Affected: All.

Issue

The wp-login.php page redirects a user to arbitrary page after
successful login by setting the redirect_to url parameter.

For example if a user logins successfully with his credentials
on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

He will be redirected to www.google.co.in.

Impact

This can lead to credentials stealing. Also cookie stealing
is possible coupled with some browser bugs.

Vendor Status

Reported on 03 March 2007.
Fixed.

References

1. CVE-2007-1599.

| by msg on March 20th, 2007 at 7:50 am | permanent link |


home advisories codes projects hunch archives contact rss2	• Redirection Vulnerability in wp-login.php Vendor: Wordpress (http://www.wordpress.org). Severity: Moderate. Dated: 03 March 2007. Versions Affected: All. Issue The wp-login.php page redirects a user to arbitrary page after successful login by setting the redirect_to url parameter. For example if a user logins successfully with his credentials on the following page http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in He will be redirected to www.google.co.in. Impact This can lead to credentials stealing. Also cookie stealing is possible coupled with some browser bugs. Vendor Status Reported on 03 March 2007. Fixed. References 1. CVE-2007-1599. \| by msg on March 20th, 2007 at 7:50 am \| permanent link \|
[ © MSG ]