[wp-hackers] forum post: sql injection
journalized at gmail.com
Fri Aug 5 00:01:41 GMT 2005
On 04/08/05, Scott Merrill <skippy at skippy.net> wrote:
> Scott Merrill wrote:
> > http://wordpress.org/support/topic/41064
> > A quickie plugin registered against check_passwords might be a stop-gap fix.
There is no sql injection vulnerability that I can see.
I tried setting a password to
password'), user_level=9, user_firstname=('
hoping to get
$updatepassword = "user_pass=MD5('password'), user_level=upper('9'), ";
what I got, in the query, was
Which gives a syntax error and hence the 'your session has expired' message.