> Package: wordpress
> Version: 2.0.7-1
> Severity: grave
> Tags: security
>
> Hi,
>
> Due to the completely incorrect usage of $_REQUEST almost all over the place
> wordpress is subject to delayed attacks via cookies.
>
> The attack can be performed as long as there is some way to inject a cookie
> which is sent by the browser to the server. Note that this means that some
> XSS vulnerability in wordpress or in any other service, or even by visiting a
> malicious site under the same domain could lead to any of the following (and
> even lots more) attacks.

I agree that the problem exists but I don't think it's a grave one. As you said, before exploiting wordpress we need to inject a malicious cookie and if we can do such things I really don't think the problem is going to be wordpress.

At the moment there are no known XSS issues for wordpress (in lenny/sid and experimental) so I think the problem really applies to etch only (for which we still have CVE-2008-2068 and CVE-2007-4483).

At the moment the entire wordpress structure is based on the use of $_REQUEST and this is obviously one of the worst errors developers could do; the changes to apply to get rid of this bad use of $_REQUEST are really important so I don't think I should do something without the help of upstream developers.

As soon as the CVE gets confirmed I'll file a bug upstream asking to modify wordpress to use $_GET, $_POST and $_COOKIES.

Thank you very much for reporting this.

Cheers.

Andrea De Iacovo
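
The behaviour discussed in this thread, modelled as an added example (it is not part of the original messages and is not WordPress code): a merged $_REQUEST-style lookup lets a cookie replace a GET or POST field of the same name, while reading from the specific source does not. The function names and sample values are hypothetical; the order strings use the letters of PHP's variables_order / request_order settings.

```php
<?php
// Added illustration: all names and sample values below are constructed.

// Model of how PHP populates $_REQUEST: sources are merged in the given
// order and later ones overwrite earlier ones (G = GET, P = POST, C = cookie).
function build_request(array $get, array $post, array $cookie, string $order): array
{
    $sources = ['G' => $get, 'P' => $post, 'C' => $cookie];
    $merged = [];
    foreach (str_split(strtoupper($order)) as $letter) {
        if (isset($sources[$letter])) {
            $merged = array_replace($merged, $sources[$letter]);
        }
    }
    return $merged;
}

// Read one parameter from an explicitly chosen source and allow-list it.
function param_from(array $source, string $name, array $allowed, string $default): string
{
    $value = $source[$name] ?? $default;
    return (is_string($value) && in_array($value, $allowed, true)) ? $value : $default;
}

// Names that arrive both as a cookie and as a GET/POST field: worth logging,
// because under a cookie-last order the cookie silently replaces the field.
function shadowed_names(array $get, array $post, array $cookie): array
{
    return array_keys(array_intersect_key($cookie, $get + $post));
}

// Constructed request: the query string asks for "view", a stale cookie says "purge".
$get    = ['action' => 'view', 'p' => '12'];
$post   = [];
$cookie = ['action' => 'purge', 'lang' => 'en'];

$withCookies    = build_request($get, $post, $cookie, 'GPC'); // cookies merged last
$withoutCookies = build_request($get, $post, $cookie, 'GP');  // cookies left out

printf("merged GPC lookup : %s\n", $withCookies['action']);
printf("merged GP lookup  : %s\n", $withoutCookies['action']);
printf("explicit GET read : %s\n", param_from($get, 'action', ['view', 'edit'], 'view'));
printf("shadowed by cookie: %s\n", implode(', ', shadowed_names($get, $post, $cookie)));
```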