[wp-hackers] Re: Another 'WP + SQL injection' post

Jon Bourne jon at akbourne.com
Thu Oct 20 18:35:51 GMT 2005


I stumbled across this yesterday on a local test WP install. I
figured that for some reason, WP developers--who know more than me
about PHP--thought it best to rely on magic quotes for wp-mail.php to
function properly. I even searched trac to see whether it had been
filed, but didn't report it because I assumed it was somehow my fault.

I fixed the problem on my installation simply by adding addslashes()  
around both the content and subject variables. I don't know whether  
there are other fields that need to be escaped, but that has seemed  
to work for me.

Oh, and by the way, hi, everyone. I'm new here, but have been  
silently 'listening' for a couple months.

Jon Bourne
jon at akbourne.com
Personal site: akbourne.com
Personal business: verticentricity.com
Job where I actually make money: newsminer.com

On Wed, 19 Oct 2005 17:21:19 +0100, Podz wrote:
> Date: Wed, 19 Oct 2005 17:21:19 +0100
> From: Podz <podz at tamba2.org.uk>
> Subject: [wp-hackers] Another 'WP + SQL injection' post
> To: hackers <wp-hackers at lists.automattic.com>
> Message-ID: <4356727F.4010304 at tamba2.org.uk>
> Content-Type: text/plain; charset=UTF-8; format=flowed
>
> "Okay, this is a major concern for anyone with 'posting by email
> enabled'.
> They warned you that giving out your address is a problem because other
> people can post to your blog. That isn't all there is.
> In at least my current version of wordpress (1.5.2), the wp-mail.php
> page does not sanitize the input received and this leaves your database
> open to SQL injection.
> Because the layout of the database is easily discovered as a wordpress
> database, hackers could add themselves, remove you, or perform any
> other database function.
>
> Also, this has the unfortunate side effect of preventing emails
> containing certain punctuation from being put into the database (think
> quotations) and thus never getting out of your pop3 box until you
> delete them.
>
> If this hasn't already been addressed in more recent versions, it needs
> to be. "
>
> http://wordpress.org/support/topic/47321
>
> Would someone mind squashing this in the forums please ?
>
> P.
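The two failure modes the thread describes (a quote in the mail body breaking the INSERT, and the same unescaped text letting an attacker alter the statement) come from one root cause: mail text interpolated into SQL without escaping. The following is an added example, not WordPress code and not Jon's patch; the table and column names are assumptions chosen for illustration, and the sample message is constructed.

```php
<?php
// Added illustration of the wp-mail.php issue discussed above.
// Table/column names (wp_posts, post_title, post_content) are assumed
// for the example and are not taken from a real schema.

// The vulnerable pattern: subject and body dropped straight into SQL.
// A single quote in either value ends the string literal early, so the
// statement fails (the "punctuation" symptom) or, crafted deliberately,
// changes its meaning (the injection risk).
function naive_insert_sql($subject, $content)
{
    return "INSERT INTO wp_posts (post_title, post_content) "
         . "VALUES ('$subject', '$content')";
}

// The fix Jon applied: escape each value exactly once before it is
// placed inside quotes. addslashes() prefixes ' " \ and NUL with a
// backslash. Escape every field that reaches the query, not just two.
function escaped_insert_sql($subject, $content)
{
    $s = addslashes($subject);
    $c = addslashes($content);
    return "INSERT INTO wp_posts (post_title, post_content) "
         . "VALUES ('$s', '$c')";
}

// Preferred form with a live connection: a prepared statement keeps
// data out of the SQL text entirely, so no escaping step can be missed
// or applied twice. ($db is an open mysqli connection; assumed.)
function prepared_insert(mysqli $db, $subject, $content)
{
    $stmt = $db->prepare(
        "INSERT INTO wp_posts (post_title, post_content) VALUES (?, ?)"
    );
    $stmt->bind_param("ss", $subject, $content);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

// Constructed sample message: ordinary punctuation, no attack payload.
$subject = "Jon's first post";
$content = "She said \"hi\" and left.";

echo naive_insert_sql($subject, $content), "\n";   // broken: quote ends the literal
echo escaped_insert_sql($subject, $content), "\n"; // well-formed statement
```

One caveat worth checking on an install that still has magic quotes enabled: if the input has already been slashed by PHP before it reaches the code, calling addslashes() again stores literal backslashes in the post. Escape once, at the point where the value enters the query, and rely on neither magic_quotes setting being present.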