photo credit: Melissa Maples

I came across an interesting point that outlines that dangers of using $_SERVER variables to submit form, a practice that’s pretty common in WordPress plugins. The problem is that it opens the form up to be used for cross-site scripting (XSS) exploits. The post even has a couple of examples demonstrating how the exploits could be put together; examples that you can use to test your own code.

It’s important to know about these exploits and how they work. Ignoring them when writing code is a bit like putting cardboard displays in front of a crumbling building. It may look pretty from the outside, but you’re building something that is putting other people at risk.

So, read the post here.

Imagine a blog site using wordpress 2.6.1 and its web address is www.hackme.com , when you type in your address bar http://www.hackme.com/wp-login.php?action=register the new user registration page comes up !

After that we type our user name as “admin                                                       x” (make sure there are 52 space characters between “x” and “admin”. So after that type your e-mail address to the next textbox and click register. By doing this we are cloning the “admin” user name. Your password will come to your e-mail address shortly. You will not able to login with this information directly, So open the same page again and click “forgot password”, type in your own e-mail address and your will receive the link to reset the admin password. Once you click the reset link, the new password will be generated and will be sent to the real owner of the website.

Now, although people can’t log in with that password, it can prove to be very annoying and can even be used to implement a denial-of-service attack, but continually changing the admin’s password. How can you address the issue. Either upgrade to WordPress 2.6.2 or disable user registrations.