[wp-hackers] forum post: sql injection

Denis de Bernardy denis at semiologic.com
Fri Aug 5 00:03:47 GMT 2005


Magic quotes on?

D.

> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com 
> [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of 
> Mike Little
> Sent: Thursday, August 04, 2005 5:02 PM
> To: wp-hackers at lists.automattic.com
> Subject: Re: [wp-hackers] forum post: sql injection
> 
> 
> On 04/08/05, Scott Merrill <skippy at skippy.net> wrote:
> > Scott Merrill wrote:
> > > http://wordpress.org/support/topic/41064
> > >
> > > A quckie plugin registered against check_passwords might be a 
> > > stop-gap fix.
> > >
> > 
> 
> There is no sql injection vulnerability that I can see.
> 
> I tired setting a password to 
> 
> password'), user_level=9, user_firstname=('
> 
> hoping to get 
> 
> $updatepassword = "user_pass=MD5('password'), 
> user_level=upper('9'), "; 
> 
> what I got, in the query, was 
> 
> user_pass=MD5('password\\'), user_level=upper(\\'9'),
> 
> Which gives a syntax error and hence the 'your session has 
> expired' message.
> 
> Mike
> -- 
> Mike Little
> http://zed1.com/journalized/ 
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com 
> http://lists.automattic.com/mailman/listinfo/wp-hackers
> 



More information about the wp-hackers mailing list