[wp-trac] Re: [WordPress Trac] #5455: Charset SQL Injection
Vulnerability
WordPress Trac
wp-trac at lists.automattic.com
Tue Dec 11 09:26:59 GMT 2007
#5455: Charset SQL Injection Vulnerability
-----------------------+----------------------------------------------------
Reporter: pishmishy | Owner: pishmishy
Type: defect | Status: assigned
Priority: normal | Milestone: 2.5
Component: Security | Version: 2.4
Severity: normal | Resolution:
Keywords: |
-----------------------+----------------------------------------------------
Comment (by pishmishy):
I'd have thought that switching escape() to use mysql_real_escape_string()
would fix this but it doesn't appear to do so (perhaps I'm doing something
wrong), I still get the error.
/index.php?exact=1&sentence=1&s=%b3%27 gets me
WordPress database error: [You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax
to use near '�\''))) AND post_type = 'post' AND (post_status = 'publish')
ORDER BY post_dat' at line 1]
SELECT SQL_CALC_FOUND_ROWS wp_posts.* FROM wp_posts WHERE 1=1 AND
(((post_title LIKE '�\'') OR (post_content LIKE '�\''))) AND post_type =
'post' AND (post_status = 'publish') ORDER BY post_date DESC LIMIT 0, 10
See also #3286.
--
Ticket URL: <http://trac.wordpress.org/ticket/5455#comment:3>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list