[wp-hackers] SQL injection
computerguru at neosmart.net
Wed Dec 5 18:38:36 GMT 2007
It was before they invented Google, too.
From: wp-hackers-bounces at lists.automattic.com
[mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Andre SC
Sent: Wednesday, December 05, 2007 8:34 PM
To: wp-hackers at lists.automattic.com
Subject: Re: [wp-hackers] SQL injection
from the post:
~~~~~~~~~~~~~~~~~~SQL Injection ~~~~~~~~~~~~
Vulnerable URL : http://localhost/path_to_wordpress/?feed=rss2&p=
Parameter : P
Author : Beenu Arora
Mail : beenudel1986 (at) gmail (dot) com [email concealed]
Computer Guru wrote:
> Back in the olden days before URIs were invented, people used to go on IRC
> and email and talk about something they'd seen in the massive, huge maze
> that was the world wide web.
> Because many times people had no idea exactly what tiny bit of the huge
> it was that someone was referring to, they invented something called a
> and it looks something like this: http://cnn.com/
> With this URI, it became possible for people to add a _link_ to an email
> IRC message so that people receiving the message would know WTF the OP was
> referring to, and see it for themselves.
> -----Original Message-----
> From: wp-hackers-bounces at lists.automattic.com
> [mailto:wp-hackers-bounces at lists.automattic.com] On Behalf Of Stefano
> Sent: Wednesday, December 05, 2007 8:02 PM
> To: wp-hackers at lists.automattic.com
> Subject: [wp-hackers] SQL injection
> on security focus today there is a security problme about WP, I looked
> at it and I was unable to reproduce it, and the sql query sound
> strange cause it refer to non existent colum ind user database...
> I suppose that even if it's a true problem it won't work for feeds
> redirected to feedburner, right?
> Thanks for any info.
wp-hackers mailing list
wp-hackers at lists.automattic.com
More information about the wp-hackers