[wp-trac] Re: [WordPress Trac] #4357: 2.2 remote SQL injection exploit, user registration, xmlrpc.php.
WordPress Trac
wp-trac at lists.automattic.com
Fri Jun 8 17:16:16 GMT 2007
#4357: 2.2 remote SQL injection exploit, user registration, xmlrpc.php.
-----------------------------+----------------------------------------------
 Reporter:  drhallows        |        Owner:  anonymous
     Type:  defect           |       Status:  closed
 Priority:  highest omg bbq  |    Milestone:  2.2.1
Component:  Security         |      Version:  2.2.1
 Severity:  blocker          |   Resolution:  fixed
 Keywords:                   |
-----------------------------+----------------------------------------------
Changes (by foolswisdom):
* priority: high => highest omg bbq
* summary: Apply [5570] int cast to 2.2 branch => 2.2 remote SQL injection exploit, user registration, xmlrpc.php.
* severity: major => blocker
Old description:
> Include this ticket http://trac.wordpress.org/changeset/5570 in WordPress
> 2.2.
New description:
WordPress 2.2 remote SQL injection exploit, user registration, xmlrpc.php.
Apply [5570] int cast to 2.2 branch
Comment:
Now widely published.
WordPress version 2.2 remote SQL injection exploit that makes use of
xmlrpc.php.
http://packetstormsecurity.org/0706-exploits/wp22xmlrpc-sql.txt
http://kev.coolcavemen.com/2007/06/wordpress-22-security-hole-identity-theft/
--
Ticket URL: <http://trac.wordpress.org/ticket/4357#comment:7>
WordPress Trac <http://trac.wordpress.org/>
WordPress blogging software