[wp-hackers] FW: Sql injection in WordPress 2.1.2

Aaron Brazell emmensetech at gmail.com
Mon Mar 12 01:54:48 GMT 2007

Why the heck would you post this here and not send it to security at wordpress.org?
Aaron Brazell 
Technology Manager, b5media
"A Global New Media Company" 

web:: www.b5media.com, www.technosailor.com
phone:: 410-608-6620 
skype:: technosailor   

-----Original Message-----
From: "Ross M. W. Bennetts" <ross.bennetts at une.edu.au>
Date: Mon, 12 Mar 2007 12:19:15 
To:<wp-hackers at lists.automattic.com>
Subject: [wp-hackers] FW: Sql injection in WordPress 2.1.2

-----Original Message-----
From: Omid [mailto:omid at hackers.ir] 
Sent: Saturday, 10 March 2007 2:46 AM
To: bugtraq at securityfocus.com
Subject: Sql injection in WordPress 2.1.2


There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :

The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :

File /wp-admin/admin-db.php, Line 472 :

				INSERT INTO $wpdb->link2cat (link_id, category_id)
				VALUES ($link_ID, $new_cat)");

- Omid

wp-hackers mailing list
wp-hackers at lists.automattic.com

More information about the wp-hackers mailing list