[wp-hackers] Wordpress database encryption.
Mike Schinkel
mikeschinkel at newclarity.net
Sun Nov 27 06:29:21 UTC 2011
On Nov 27, 2011, at 1:09 AM, Dion Hulse (dd32) wrote:
> SQL Injection can be used for anything; Adding users, Deleting users,
> Droping tables, and in many cases, Has also been used to alter the
> SELECT query to display different data than expected, For example, if
> you could SQL inject the primary WP_Query SQL, you could make the
> posts list display usernames/emails/hashed passwords instead of posts.
Okay, I get the adding of users, that makes sense. I can also see how they could get hashed passwords from an authors list.
But I still don't see how you could use SQL injection to get hashed passwords from the posts list unless it was an extremely complex SQL query combine with a really wide open hole, or if if the plugin already added a join to the users table. To get hashed passwords the injection would have to modify the field list, and the table list, no? The field list is easy for a poorly coded plugin, but I don't see how it's likely to annotate a join to the table list via SQL injection? If it is possible, please inform me how so I can make sure to never allow it in my plugins.
-Mike
More information about the wp-hackers
mailing list