Commonly, this is only going to be exploitable in any meaningful fashion if there is JavaScript code from the remote site (WP in this case) that is being eval()ed, and because we aren't using JSON and afaik we're not doing any eval magic to store information in variables (especially since all our AJAX interaction currently in WP is limited to little more than submitting info and checking for a success value).
So, my first bet would be this isn't a worry for us as WP stands.

On 4/2/07, Dan Milward <[EMAIL PROTECTED]> wrote:

I wonder if this sort of attack makes WordPress sites vulnerable?

http://it.slashdot.org/article.pl?sid=07/04/02/1113242

Ciao,
Dan

Lloyd Budd wrote:
> On 4/2/07, Anu Gupta DCSA <[EMAIL PROTECTED]> wrote:
>>
>> To have the Online Questionnaire, please visit:
>>
>> http://anu.puchd.ac.in/phpESP/public/survey.php?name=FOSS_Defect_Survey
>
> It would be awesome if all of us on this list filled out the survey! I am
> very interested in other WordPress participants' answers and how it
> relates to other open source products.
>
> I have published my own answers (with comments) at
> http://testingopensource.com/a-survey-on-current-practices-in-defect-management-in-freeopen-source-software/
>
> Thanks,

--
Instinct Entertainment Limited
Level 3, Education House, 178 Willis Street
PO Box 12-519, Wellington, New Zealand
Ph. 64-4-385 8082
Mobile. 021-449 901
[EMAIL PROTECTED]
http://www.instinct.co.nz

_______________________________________________
wp-testers mailing list
[email protected]
http://lists.automattic.com/mailman/listinfo/wp-testers

--
--Robert Deaton
http://lushlab.com
