[wp-trac] [WordPress Trac] #10841: admin-ajax.php SQL INJECTION!!
WordPress Trac
wp-trac at lists.automattic.com
Tue Nov 3 06:35:12 UTC 2009
#10841: admin-ajax.php SQL INJECTION!!
-----------------------------+----------------------------------------------
Reporter: ulgaming | Owner: westi
Type: defect (bug) | Status: assigned
Priority: highest omg bbq | Milestone: 2.9
Component: Security | Version: 2.8.4
Severity: blocker | Keywords: sql injection
-----------------------------+----------------------------------------------
Comment(by dwright):
''As soon as he goes to that page, he executes a MySQL query, and changes
the user, pass and email of an editor and renames his user to "kamine".''

Is there any additional (specific) information about this exploit? (i.e.
what query? params? GET/POST? etc. Do you have access to your web
server logs?)
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10841#comment:8>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software