[wp-hackers] Security Issue Post in Forums

Ryan Boren ryan at boren.nu
Thu Sep 7 17:19:01 GMT 2006


Peter Westwood wrote:
> The source is here:
> http://www.securityfocus.com/archive/1/445374/30/0/threaded
> 
> I tried this against my sandbox 2.0.4 install and it didn't do anything.
> 
> No sign of SQL inject into any of the database queries as examined from
> the dump produced by Ryan's excellent dump_queries plugin [1]

We cast "paged" to an int and then take the absolute value.  We've got 
it covered.

Ryan
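
What the cast described in the reply above does to hostile values, as an added PHP example that is not part of the original message and is not WordPress's own code. The function names, the MAX_PAGE bound, the page size and the sample inputs are assumptions made for illustration.

```php
<?php
// Added illustration; not WordPress source. All names here are hypothetical.

const MAX_PAGE = 100000; // assumed upper bound so the computed offset stays an int

function normalize_paged($raw): int
{
    // Arrays (e.g. ?paged[]=1) and other non-scalars fall back to page 0.
    if (!is_scalar($raw)) {
        return 0;
    }
    // The cast keeps only a leading integer; any trailing text is dropped.
    $n = (int) $raw;
    // abs(PHP_INT_MIN) would return a float, so clamp before taking abs().
    $n = abs(max($n, -PHP_INT_MAX));
    return min($n, MAX_PAGE);
}

function limit_clause($raw_paged, int $per_page = 10): string
{
    // Pages 0 and 1 both mean the first page.
    $page   = max(normalize_paged($raw_paged), 1);
    $offset = ($page - 1) * $per_page;
    // Only integers are interpolated, so no request text reaches the query.
    return sprintf('LIMIT %d, %d', $offset, $per_page);
}

// Constructed sample inputs; not taken from the advisory linked in the thread.
$samples = ['3', '-3', "2' OR '1'='1", '1 UNION SELECT 1', 'abc', '',
            ['x'], '99999999999999999999'];
foreach ($samples as $raw) {
    printf("%-28s => %s\n", json_encode($raw), limit_clause($raw));
}
```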

