[wp-hackers] SQL injection signaled but no info about it.. fake or truth?

DD32 wordpress at dd32.id.au
Wed Apr 16 06:58:33 GMT 2008


I've seen it, but I've not been able to locate any information about it.
Granted, I've not seen any security at wordpress.org emails, so devs *may* be
aware of something.

There was a recent commit which added more prepared queries:
http://trac.wordpress.org/changeset/7645 there's a few in there related to
comments, but I think they're all escaped correctly already.

"Attackers can use a browser to exploit these issues." also means there's
only 3 main forms of attack: the commenter name, the commenter's URL, and
the actual comment. I took a quick look at them, and they seemed to be
escaped OK for me.
I have a feeling if there is indeed a problem, that it's probably something
to do with custom database collations/charsets & WP not being able to
escape them fully; there was a previous SQL injection which used something
like that IIRC.

Take this message with a grain of salt of course, I'm no dev, nor would I
not be surprised if I missed something basic when looking over it.. But
honestly, if there *was* a huge problem, then 2.5.1 most likely would've
been rolled out faster, and there'd be many commits trying to get
everything else that's wanted to be fixed in 2.5.1 done..

Just my 5c (Rounded up of course :P)

On Wed, 16 Apr 2008 15:53:32 +1000, Stefano Aglietti <steagl4ml at gmail.com>  
wrote:

> http://www.securityfocus.com/bid/28703/info
>
> Talks about a possible SQL injection exploit in comment form, there
> is no info nor example of the bug.
>
> Should be true? In this case 2.5.1 needs to be released immediately, if
> not maybe some official words will help, cause you know how the net
> likes to talk bad about WP if there is a chance to do :)
>



