WebApp Sec mailing list archives
WordPress possilbe SQL injections [was: SELinux - way of the future or good idea but !!!]
From: Leonard den Ottolander <leonard () den ottolander nl>
Date: Tue, 21 Dec 2010 13:44:50 +0100
Hello Jerry, On Thu, 2010-12-02 at 15:34 -0800, Jerry Franz wrote:
And in an exact example of this, today I needed to update some WordPress (WP) installations. Only, for "some reason" the FTP based autoupdater didn't work today.
Do you feel comfortable letting a web application update itself using FTP or even SSH credentials? http://wordpress.org/support/topic/filesystem-credentials-very-bad-practice-and-totally-unnecessary https://bugzilla.redhat.com/show_bug.cgi?id=659294 The patch shown in http://core.trac.wordpress.org/changeset/16625 prompted me to try a $ grep -r "\=\ \%s\"" * in the web root of a WordPress installation. The matches are a bunch of possible SQL injections. Haven't checked the actual code paths, but note how all these strings are unescaped and potentially allow the addition of extra statements using ';'. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research This list is sponsored by Cenzic -------------------------------------- Let Us Hack You. Before Hackers Do! It's Finally Here - The Cenzic Website HealthCheck. FREE. Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus --------------------------------------
Current thread:
- WordPress possilbe SQL injections [was: SELinux - way of the future or good idea but !!!] Leonard den Ottolander (Dec 21)
- Re: [CentOS] WordPress possilbe SQL injections [was: SELinux - way of the future or good idea but !!!] Leonard den Ottolander (Dec 22)