[wp-hackers] FW: WordPress Search Function SQL-Injection

Robin Adrianse robin.adr at gmail.com
Wed Feb 28 02:45:24 GMT 2007


It's hardly a problem. It's not an exploit whatsoever. It merely triggers an
error, not allows for SQL injection. I wouldn't believe some of these
"security reports" -- a while back there was a "severe hole" in a
Textpattern version... from 4 years ago -- a prealpha release.

On 2/27/07, Ross M. W. Bennetts <ross.bennetts at une.edu.au> wrote:
>
> I don't think hiding from the problem is any solution, Lloyd.
> These exploits are out there already among the black hats and hackers via
> the BugTraq and Full-Disclosure mailing lists.
> Surely informing the people who can fix the problem (i.e. the blog owners
> who can upgrade) is the most sensible and intelligent thing to do.
>
> Ross M. W. Bennetts
>
> -----Original Message-----
>
>
> I am naive in these things, but hopefully no true injection is
> possible (if it is, don't share it on the  mailing list please).
>
> Thank you,
> Lloyd
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
> _______________________________________________
> wp-hackers mailing list
> wp-hackers at lists.automattic.com
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>


More information about the wp-hackers mailing list