Bugtraq mailing list archives
Re: Sql injection in WordPress 2.1.2
From: steven () lovebug org
Date: Fri, 9 Mar 2007 13:39:22 -0800 (PST)
Care to provide a demonstration exploit then? You do realize that $new_cat is just a variable pulled from the $add_cats array, right? Show everyone how you are going to inject SQL into the list of categories.
Hello, There is a sql injection in WordPress 2.1.2 (and maybe others) . A user with "add link" permission (Editor/Administrator) can do this : The '$new_cat' variable in "wp_set_link_cats()" function is not checked properly before be used in the sql query : File /wp-admin/admin-db.php, Line 472 : $wpdb->query(" INSERT INTO $wpdb->link2cat (link_id, category_id) VALUES ($link_ID, $new_cat)"); - Omid
Current thread:
- Sql injection in WordPress 2.1.2 Omid (Mar 09)
- Re: Sql injection in WordPress 2.1.2 steven (Mar 09)