[wp-hackers] Forum Post

Jason Bainbridge jbainbridge at gmail.com
Wed May 25 17:47:18 GMT 2005


Well, that particular issue that Ryan referred to was a security hole
within WordPress that could have been exploited: looking at the diff,
it wasn't checking to see if $tb_id was an integer or not, and it could
have been used for an SQL injection attack on the query SELECT
ping_status FROM $wpdb->posts WHERE ID = $tb_id. It would be easy
enough to terminate that query and then piggyback a DROP DATABASE
statement on the end of it without the proper checking that was added
with the patch.

Now, the issue with displaying the contents of directories is a
different story; that isn't even really much of a security problem
anyway. If you have stuff in those directories you don't want anyone
to know about, then you already have a problem right there. Security by
obfuscation, as we all know, isn't security at all, and that is all that
hiding directory contents accomplishes.

Regards,
Jason

On 5/25/05, Chris Davis <chrisdmitri at gmail.com> wrote:
> Hey, let's just take all responsibility off of the end user, or their
> webhost, and do everything ourselves!  Geez, people, why should we be
> held responsible for a mis-configured web server?
> 
> On 5/23/05, Ryan Boren <ryan at boren.nu> wrote:
> > On Mon, 2005-05-23 at 16:21 -0400, Robert Deaton wrote:
> > > BTW, as far as exploits on the 1.5 codebase, there was one, an SQL
> > > injection vulnerability in wp-trackback.php. Although not easily
> > > exploitable, it still exist(ed). I don't remember if this got fixed or
> > > not, but I do remember seeing it on the Gentoo bug tracker.
> >
> > http://trac.wordpress.org/changeset/2556#file3
> >
> > That diff took care of a tb_id vulnerability, which is the only
> > wp-trackback related vulnerability that I am aware of.
> >
> > Ryan
> >
> > _______________________________________________
> > wp-hackers mailing list
> > wp-hackers at lists.automattic.com
> > http://lists.automattic.com/mailman/listinfo/wp-hackers
> >
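As an added illustration of the $tb_id problem Jason describes above (this is not code from WordPress, from the changeset he links, or from anyone in the thread), here is the same pattern reproduced in Python against an in-memory SQLite table. The table name, columns and rows are constructed for the example and stand in for $wpdb->posts. The unchecked version drops the request value straight into the SQL text, so a non-integer value rewrites the WHERE clause; the hardened version refuses anything that is not a plain integer and binds it as a parameter, which is the kind of check the patch added.

```python
import re
import sqlite3

# Constructed sample rows standing in for the posts table (not WordPress's real schema).
SAMPLE_POSTS = [
    (1, "open"),
    (2, "closed"),
    (3, "open"),
]


def make_db():
    """Build an in-memory database with the constructed posts table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (ID INTEGER PRIMARY KEY, ping_status TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)", SAMPLE_POSTS)
    return conn


def ping_status_unchecked(conn, tb_id):
    """Pre-patch shape: the request value is interpolated into the SQL text as-is.

    Anything other than a bare integer changes the meaning of the query,
    which is exactly the hole the thread is discussing.
    """
    sql = f"SELECT ping_status FROM posts WHERE ID = {tb_id}"
    return [row[0] for row in conn.execute(sql)]


def is_plain_integer(value):
    """Accept only ASCII digits; str.isdigit() would also admit Unicode digits."""
    return re.fullmatch(r"[0-9]+", str(value)) is not None


def ping_status_checked(conn, tb_id):
    """Hardened shape: validate tb_id as an integer, then bind it as a parameter.

    Raises ValueError for any value that is not a plain integer, so the
    database never sees request-controlled SQL text.
    """
    if not is_plain_integer(tb_id):
        raise ValueError("tb_id must be an integer")
    rows = conn.execute("SELECT ping_status FROM posts WHERE ID = ?", (int(tb_id),))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(ping_status_unchecked(db, "2"))          # one row, as intended
    print(ping_status_unchecked(db, "2 OR 1=1"))   # every row: the WHERE clause was rewritten
    print(ping_status_checked(db, "2"))            # one row
    try:
        ping_status_checked(db, "2 OR 1=1")
    except ValueError as err:
        print("rejected:", err)
```

SQLite's execute() refuses to run more than one statement per call, so the stacked-statement case Jason mentions does not reproduce here; the point the example makes is that the integer check closes the path before the database driver's behaviour matters at all.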

