[wp-trac] [WordPress Trac] #2769: Security implication: Sql
injection on page_id reveals a bug on pages list
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 2 07:06:20 GMT 2006
#2769: Security implication: Sql injection on page_id reveals a bug on pages list
-----------------------+----------------------------------------------------
Id: 2769 | Status: new
Component: Security | Modified: Fri Jun 2 07:06:20 2006
Severity: critical | Milestone: 2.1
Priority: normal | Version: 2.1
Owner: anonymous | Reporter: pcdinh
-----------------------+----------------------------------------------------
I work with Wordpress 2.1 alpha1 build 2/6/2006 and find that if I send a
request like this
http://path/wordpress/?page_id=,
or
http://192.168.1.104/php/wordpress/?page_id=char()
or
http://192.168.1.104/php/wordpress/?page_id=%3Cscript%3E
Live example:
http://www.binarymoon.co.uk/?page_id=%22.%22%20or%201%20=%201%22.
I will have a list of all pages following by comments blocks displayed
repeatly. It means that page_id is not checked against integer values.
Thanks
pcdinh
--
Ticket URL: <http://trac.wordpress.org/ticket/2769>
WordPress Trac <http://wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list