A vulnerability in the WordPress blogging platform has been uncovered which allows hackers to hijack websites with a comment containing malicious JavaScript, The Hill reveals.
The exploit was discovered by Finnish security firm Klikky Oy, and allows hackers to push malicious code in the comments section of a website. Attackers need to leave a long comment (over 64kb) containing malicious JavaScript. The length of comment required (65,535 ‘A’ characters, Forbes reckons) is necessary as that is what would trigger the error that allows the code to be displayed.
Zero-day lets hackers hijack WordPress through rogue comments
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.