Bugtraq mailing list archives
Re: SQL Injection Exploit for WordPress <= 1.5.1.1
From: Giorgio Mandolfo <giorgio () mandolph ath cx>
Date: Tue, 7 Jun 2005 22:24:38 +0200
* Alberto Trivero <trivero () jumpy it> [070605, 21:40]:
#!/usr/bin/perl -w
Thanks for the code. In any case I get 'Unable to retrieve username' and 'hash of password' That's quite strange since I run a exploitable version. According to wp-includes/version.php this is Wordpress 1.5 (old install from a gentoo system) GLSA 200506-04 says that Wordpress < 1.5.1.2 is vulnerable, but it seems not to be the case. Who can clarify? Thanks, Giorgio -- BOFH excuse #449: greenpeace free'd the mallocs
Current thread:
- SQL Injection Exploit for WordPress <= 1.5.1.1 Alberto Trivero (Jun 07)
- Re: SQL Injection Exploit for WordPress <= 1.5.1.1 Giorgio Mandolfo (Jun 07)