[wp-hackers] SQL injection

Andre SC andre at pixelplexus.co.za
Wed Dec 5 18:34:27 GMT 2007


http://www.google.co.za/search?q=security+focus+wordpress+SQL+injection :)

from the post:
~~~~~~~~~~~~~~~~~~SQL Injection ~~~~~~~~~~~~

Vulnerable URL : http://localhost/path_to_wordpress/?feed=rss2&p=

Parameter : P

POC = 
Author : Beenu Arora

Mail : beenudel1986 (at) gmail (dot) com [email concealed]

    * <http://www.securityfocus.com/archive/1/484608>

Computer Guru wrote:
> Back in the olden days before URIs were invented, people used to go on IRC
> and email and talk about something they'd seen in the massive, huge maze
> that was the world wide web. 
> Because many times people had no idea exactly what tiny bit of the huge www
> it was that someone was referring to, they invented something called a URI,
> and it looks something like this: http://cnn.com/
> With this URI, it became possible for people to add a _link_ to an email or
> IRC message so that people receiving the message would know WTF the OP was
> referring to, and see it for themselves.
> -CG
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com
> [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Stefano
> Aglietti
> Sent: Wednesday, December 05, 2007 8:02 PM
> To: wp-hackers at lists.automattic.com
> Subject: [wp-hackers] SQL injection
> On SecurityFocus today there is a security problem about WP. I looked
> at it and I was unable to reproduce it, and the SQL query sounds
> strange because it refers to a non-existent column in the user database...
> I suppose that even if it's a true problem it won't work for feeds
> redirected to FeedBurner, right?
> Thanks for any info.