[wp-hackers] Wordpress database encryption.

Mike Schinkel mikeschinkel at newclarity.net
Sun Nov 27 06:29:21 UTC 2011


On Nov 27, 2011, at 1:09 AM, Dion Hulse (dd32) wrote:
> SQL Injection can be used for anything; Adding users, Deleting users,
> Droping tables, and in many cases, Has also been used to alter the
> SELECT query to display different data than expected, For example, if
> you could SQL inject the primary WP_Query SQL, you could make the
> posts list display usernames/emails/hashed passwords instead of posts.

Okay, I get the adding of users, that makes sense. I can also see how they could get hashed passwords from an authors list.

But I still don't see how you could use SQL injection to get hashed passwords from the posts list unless it was an extremely complex SQL query combine with a really wide open hole, or if if the plugin already added a join to the users table.  To get hashed passwords the injection would have to modify the field list, and the table list, no? The field list is easy for a poorly coded plugin, but I don't see how it's likely to annotate a join to the table list via SQL injection?  If it is possible, please inform me how so I can make sure to never allow it in my plugins.

-Mike



More information about the wp-hackers mailing list