[wp-trac] [WordPress Trac] #10841: admin-ajax.php SQL INJECTION!!
WordPress Trac
wp-trac at lists.automattic.com
Fri Sep 25 01:30:25 UTC 2009
#10841: admin-ajax.php SQL INJECTION!!
-----------------------------+----------------------------------------------
Reporter: ulgaming | Owner: westi
Type: defect (bug) | Status: assigned
Priority: highest omg bbq | Milestone: 2.8.5
Component: Security | Version: 2.8.4
Severity: blocker | Keywords: sql injection
-----------------------------+----------------------------------------------
Comment(by ulgaming):
Yes, it's not related to a plugin. All plugins were disabled when this
happened (except Wassup, which I used to track the guy; I had to enable it to
track him when he had already hacked the site 2 times).
* 07:37:34 ->/
* 07:39:47 ->/wp-admin/
* 07:39:48 ->/wp-login.php?redirect_to=http://www.animeshout.com/wp-admin/
* 07:39:58 ->/wp-login.php
* 07:41:03 ->/
* 07:41:19 ->/staff-list
* 07:46:33 ->/wp-admin/admin-ajax.php
As soon as he goes to that page, he executes a MySQL query, and changes
the user, pass and email of an editor and renames his user to "kamine".
* LOGGED IN USER: Kamine
* Probably hack attempt!
* us OS: Win2008
* BROWSER: Firefox 3
* RESOLUTION: 1920x1080
* 07:37:34 ->/
* 07:39:47 ->/wp-admin/
* 07:39:48 ->/wp-login.php?redirect_to=http://www.animeshout.com/wp-admin/
* 07:39:58 ->/wp-login.php
* 07:41:19 ->/staff-list
* 07:46:33 ->/wp-admin/admin-ajax.php
When this happened, the editor wasn't online. Moreover, it's impossible
for an editor or even an admin to change a user's login name.
--
Ticket URL: <http://core.trac.wordpress.org/ticket/10841#comment:5>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software