[wp-hackers] FW: Sql injection in WordPress 2.1.2
Aaron Brazell
emmensetech at gmail.com
Mon Mar 12 01:54:48 GMT 2007
Why the heck would you post this here and not send it to security at wordpress.org?
--
Aaron Brazell
Technology Manager, b5media
"A Global New Media Company"
web:: www.b5media.com, www.technosailor.com
phone:: 410-608-6620
skype:: technosailor
-----Original Message-----
From: "Ross M. W. Bennetts" <ross.bennetts at une.edu.au>
Date: Mon, 12 Mar 2007 12:19:15
To:<wp-hackers at lists.automattic.com>
Subject: [wp-hackers] FW: Sql injection in WordPress 2.1.2
-----Original Message-----
From: Omid [mailto:omid at hackers.ir]
Sent: Saturday, 10 March 2007 2:46 AM
To: bugtraq at securityfocus.com
Subject: Sql injection in WordPress 2.1.2
Hello,
There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :
The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :
File /wp-admin/admin-db.php, Line 472 :
$wpdb->query("
INSERT INTO $wpdb->link2cat (link_id, category_id)
VALUES ($link_ID, $new_cat)");
- Omid
_______________________________________________
wp-hackers mailing list
wp-hackers at lists.automattic.com
http://lists.automattic.com/mailman/listinfo/wp-hackers
More information about the wp-hackers
mailing list