[wp-trac] [WordPress Trac] #10841: admin-ajax.php SQL INJECTION!!
WordPress Trac
wp-trac at lists.automattic.com
Thu Sep 24 15:31:49 UTC 2009
#10841: admin-ajax.php SQL INJECTION!!
-----------------------------+----------------------------------------------
Reporter: ulgaming           | Owner: ryan
Type: defect (bug)           | Status: new
Priority: highest omg bbq    | Milestone: Unassigned
Component: Security          | Version: 2.8.4
Severity: blocker            | Keywords: sql injection
-----------------------------+----------------------------------------------
My site has been hacked 2 - 3 times from this file by the same hacker! The
hacker goes to wp-login.php and tries to access wp-admin/admin-ajax.php.
From there he can do SQL injection!
He even caused damage to the site from the same file by changing a lot of
table data, but I restored it somehow (from backup).
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10841>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software