[wp-hackers] FW: WordPress Search Function SQL-Injection
steve caturan
scaturan at negimaki.com
Tue Feb 27 23:55:20 GMT 2007
yep, i was able to reproduce the error on 2.1.1 but not 2.0.9
On 2/27/07, Ross M. W. Bennetts <ross.bennetts at une.edu.au> wrote:
> -----Original Message-----
> From: SaMuschie [mailto:samuschie at yahoo.de]
> Sent: Wednesday, 28 February 2007 7:40 AM
> To: bugtraq at securityfocus.com; full-disclosure at lists.grok.org.uk;
> vuln-dev at securityfocus.com; webappsec at securityfocus.com
> Subject: WordPress Search Function SQL-Injection
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> +--------------------------------------- - -- -
> | SaMuschie Research Labs proudly presents . . .
> +------------------------------------------- -- - -
> | Application: wordpress
> | Version: <= 2.1.1
> | Vuln./Exploit Type: SQL-Injection
> | Status: 0day
> +----------------------------------------- -- - -
> | Discovered by: Samenspender
> | Released: 20070227
> | SaMuschie Release Number: 2
> +------------------------------- - -- -
>
> Searching for a single ,,comma,, generates a sql error message.
>
> e.g.:
>
> http://wordpress-deutschland.org/?s=,
>
> results in:
>
> "WordPress Datenbank-Fehler: [You have an error in your SQL syntax;
> check the
> manual that corresponds to your MySQL server version for the right syntax to
>
> use near ') AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY
> post_date DE' at line 1]
> SELECT SQL_CALC_FOUND_ROWS wpdorg_posts.* FROM wpdorg_posts WHERE 1=1 AND ()
>
> AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY post_date
> DESC
> LIMIT 0, 10"
>
> +----------------------------- -- -
> | Lameness Disclaimer
> +------------------------------------- - -- - -
> | SaMuschie Research Labs was found to publish
> | vulnerabilities within well known software products,
> | which are easy to discover and exploit.
> |
> | SaMuschie researchers just spend a minimum of time
> | and knowledge for each vulnerability. Hence readers of
> | this advisory are requested not to ask any questions
> | to the researchers.... they don't know the answer ;)
> +---------------------------------- - -- - -
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFF5GSdMFgfGpQK8VERAvOWAJwLms5H6b4So3tO19lc3eHMGeNvLwCdHAP8
> ZfylSi7g8HINHkpBYzYgUqE=
> =fBdH
> -----END PGP SIGNATURE-----
>
>
>
> ___________________________________________________________
> Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
More information about the wp-hackers
mailing list