Destroyed CVE 2014 0165 (markdown)
Ryan Dewhurst
@@ -1,21 +0,0 @@
|
|||||||
From WordPress:
|
|
||||||
|
|
||||||
"Privilege escalation: prevent contributors from publishing posts."
|
|
||||||
|
|
||||||
From the researcher (edik) who found the vulnerability:
|
|
||||||
|
|
||||||
Using the bulk edit feature you can publish posts and pages PUBLICLY without the publishing-cap. The problem is that there are no checks for publishing-cap's on serverside. It's only protected in UI.
|
|
||||||
|
|
||||||
How to reproduce:
|
|
||||||
|
|
||||||
1. Login as contributor
|
|
||||||
|
|
||||||
2. Create a draft post
|
|
||||||
|
|
||||||
3. Mark the draft in post list and open the bulk edit form
|
|
||||||
|
|
||||||
4. Make use of tools like Firebug to change a value in the status dropdown. You have to set the value of an entry to 'publish'
|
|
||||||
|
|
||||||
5. Select the changed status entry
|
|
||||||
|
|
||||||
6. Push the button and welcome to the next level
|
|
||||||
Reference in New Issue
Block a user