CVE-2007-1244
WordPress < 2.1.1 - Cross-Site Request Forgery via AdminPanel Delete Action
Title source: llm
Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-1244. PoCs published by Samenspender.
AI-analyzed exploit summary
This exploit demonstrates a cross-site scripting (XSS) vulnerability in WordPress 2.1.1 by injecting malicious JavaScript via the 'post' parameter in the post.php file. The PoC shows two examples: one that displays the user's cookies in an alert box and another that sends the cookies to a remote server.
Description
Cross-site request forgery (CSRF) vulnerability in the AdminPanel in WordPress 2.1.1 and earlier allows remote attackers to perform privileged actions as administrators, as demonstrated using the delete action in wp-admin/post.php. NOTE: this issue can be leveraged to perform cross-site scripting (XSS) attacks and steal cookies via the post parameter.