[wp-hackers] FW: WordPress Search Function SQL-Injection

Lloyd Budd lloydomattic at gmail.com
Wed Feb 28 00:44:48 GMT 2007


On 2/27/07, Ross M. W. Bennetts <ross.bennetts at une.edu.au> wrote:
> I don't think hiding from the problem is any solution, Lloyd.
> These exploits are out there already among the black hats and hackers via
> the BugTraq and Full-Disclosure mailing lists.
> Surely informing the people who can fix the problem (i.e. the blog owners
> who can upgrade) is the most sensible and intelligent thing to do.
>
> Ross M. W. Bennetts

Sorry, Ross, I don't understand. The fix is in that ticket and in SVN.

Triggering a MySQL error is not the same as an injection. I was
questioning whether an injection is really possible, not questioning what
has been presented in that disclosure nor on this list,
Lloyd

