Re: SQL Injection Exploit for WordPress <= 1.5.1.1

[Giorgio Mandolfo <giorgio () mandolph ath cx>]

* Alberto Trivero <trivero () jumpy it> [070605, 21:40]:
> #!/usr/bin/perl -w

Thanks for the code.
In any case I get 'Unable to retrieve username' and 'hash of password'

That's quite strange since I run a exploitable version. 
According to wp-includes/version.php this is Wordpress 1.5 (old install from a
gentoo system)

GLSA 200506-04 says that Wordpress < 1.5.1.2 is vulnerable, but it seems not to
be the case.

Who can clarify?
Thanks,

Giorgio

-- 
BOFH excuse #449:

greenpeace free'd the mallocs