Product: WordPress (http://www.wordpress.org)
Severity: Moderate
Date: 03 March 2007
Affected versions: All
The wp-login.php page redirects the user to an arbitrary page after a
successful login: the destination is taken from the redirect_to URL
parameter and is not validated, so it can point to any external site
(an open redirect).
For example, if a user logs in successfully with his credentials
on the following page
http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in
he will be redirected to www.google.co.in.
Because the login form is genuine but the post-login destination is
attacker-chosen, this can lead to credential theft. Cookie theft is also
possible when coupled with some browser bugs.
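The check that closes this class of issue is to accept redirect_to only when it stays on the site's own host and to fall back to a fixed destination otherwise. The following is an added Python example, not WordPress code (WordPress is PHP), and it assumes the site host www.foo.com from the advisory's example and a constructed default target of /wp-admin/. It also handles the usual ways a host check is bypassed: protocol-relative targets (`//host`, `///host`), backslash tricks, non-http schemes, userinfo in the authority (`http://www.foo.com@other.host/`), and look-alike hosts.

```python
from urllib.parse import urlsplit

# Constructed values: the host that serves wp-login.php and the page to land
# on when redirect_to is missing or unsafe. In a real deployment the host
# comes from the application's own configuration, never from the request.
SITE_HOST = "www.foo.com"
DEFAULT_TARGET = "/wp-admin/"


def safe_redirect_target(redirect_to, site_host=SITE_HOST, default=DEFAULT_TARGET):
    """Return redirect_to if it cannot leave site_host, otherwise `default`.

    Accepted forms:
      * a site-relative path such as "/wp-admin/post.php?post=1"
      * an absolute http(s) URL whose host is exactly site_host
    Everything else (other hosts, other schemes, malformed input) is replaced
    by `default`, so the user can never be sent off-site after login.
    """
    if not redirect_to:
        return default

    # Control characters would let the value break out of the Location header
    # (header injection) or be silently stripped by browsers; reject them.
    if any(ord(ch) < 0x20 or ch == "\x7f" for ch in redirect_to):
        return default

    # Some browsers treat "/\host" like "//host"; do not try to be clever,
    # just refuse anything containing a backslash.
    if "\\" in redirect_to:
        return default

    try:
        parts = urlsplit(redirect_to)
    except ValueError:  # e.g. malformed IPv6 literal
        return default

    if not parts.scheme:
        # Scheme-less input: only a plain site-relative path is allowed.
        # "//host/..." and "///host/..." are resolved by browsers as absolute
        # URLs on another host, so a leading double slash is rejected.
        if redirect_to.startswith("/") and not redirect_to.startswith("//"):
            return redirect_to
        return default

    # Only http and https may be used; "javascript:", "data:" etc. are refused.
    if parts.scheme.lower() not in ("http", "https"):
        return default

    # hostname is already lower-cased and excludes userinfo and port, so
    # "http://www.foo.com@other.host/" yields hostname "other.host" and
    # "http://www.foo.com.other.host/" does not match either.
    if parts.hostname is None or parts.hostname != site_host.lower():
        return default

    # Userinfo in the authority has no legitimate use here; refuse it outright.
    if parts.username is not None or parts.password is not None:
        return default

    return redirect_to


if __name__ == "__main__":
    # Constructed sample inputs, including the one from the advisory.
    for value in (
        "http://www.google.co.in",
        "//evil.example/",
        "http://www.foo.com@evil.example/",
        "/wp-admin/post.php?post=1",
        "https://www.foo.com/wp-admin/",
    ):
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

The function never tries to "repair" an unsafe value; it substitutes a fixed, known-good page, which is simpler to reason about than rewriting. Comparing `parts.hostname` for exact equality (rather than checking that the string starts with or contains the site name) is what defeats the look-alike and userinfo variants. This is the same direction WordPress itself later took with wp_safe_redirect(), which validates the target host against an allow-list before issuing the redirect.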
Reported on 03 March 2007. A fix will be made available in the next version.
–
MSG // http://www.metaeye.org