[wp-hackers] forum post: sql injection

Mike Little journalized at gmail.com
Fri Aug 5 00:01:41 GMT 2005

On 04/08/05, Scott Merrill <skippy at skippy.net> wrote:
> Scott Merrill wrote:
> > http://wordpress.org/support/topic/41064
> >
> > A quckie plugin registered against check_passwords might be a stop-gap fix.
> >

There is no sql injection vulnerability that I can see.

I tired setting a password to 

password'), user_level=9, user_firstname=('

hoping to get 

$updatepassword = "user_pass=MD5('password'), user_level=upper('9'), "; 

what I got, in the query, was 

user_pass=MD5('password\\'), user_level=upper(\\'9'),

Which gives a syntax error and hence the 'your session has expired' message.

Mike Little

More information about the wp-hackers mailing list