Signature Detail
Short Name |
HTTP:XSS:WP-PHOTORACER |
|---|---|
Severity |
Medium |
Recommended |
Yes |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Photoracer WordPress Plugin Cross Site Scripting |
Release Date |
2011/09/13 |
Update Number |
1993 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Photoracer WordPress Plugin Cross Site Scripting
This signature detects attempts to exploit a known cross-site scripting vulnerability in the WordPress Photoracer Plugin. It is due to insufficient validation of user-supplied input. Attackers can steal cookie-based authentication credentials and launch other attacks.
Extended Description
Photoracer WordPress plugin is prone to multiple SQL-injection and cross-site scripting vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Photoracer versions 1.0 and prior are vulnerable.
Affected Products
- WordPress Photoracer 1.0
References
- BugTraq: 49328
- URL: http://palmonaz.altervista.org/z/photoracer/
- URL: http://www.wordpress.com