[wp-trac] [WordPress Trac] #11779: SQL injection is possible in ms-edit.php?

WordPress Trac wp-trac at lists.automattic.com
Wed Jan 6 19:49:27 UTC 2010


#11779: SQL injection is possible in ms-edit.php?
-------------------------------+--------------------------------------------
 Reporter:  Denis-de-Bernardy  |       Owner:  ryan
     Type:  defect (bug)       |      Status:  new 
 Priority:  normal             |   Milestone:  3.0 
Component:  Security           |     Version:  3.0 
 Severity:  critical           |    Keywords:      
-------------------------------+--------------------------------------------
 in addition to not getting the handy strip_slashes_deep(), we have a
 completely unsanitized query:

 {{{
                 // update blogs table
                 $result = $wpdb->query( "UPDATE {$wpdb->blogs} SET
                                 domain       = '".$_POST[ 'blog' ][
 'domain' ]."',
                                 path         = '".$_POST[ 'blog' ][ 'path'
 ]."',
                                 registered   = '".$_POST[ 'blog' ][
 'registered' ]."',
                                 public       = '".$_POST[ 'blog' ][
 'public' ]."',
                                 archived     = '".$_POST[ 'blog' ][
 'archived' ]."',
                                 mature       = '".$_POST[ 'blog' ][
 'mature' ]."',
                                 deleted      = '".$_POST[ 'blog' ][
 'deleted' ]."',
                                 spam         = '".$_POST[ 'blog' ][ 'spam'
 ]."'
                         WHERE  blog_id = '$id'" );

 }}}

-- 
Ticket URL: <http://core.trac.wordpress.org/ticket/11779>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software


More information about the wp-trac mailing list