Full Disclosure mailing list archives
Re: WordPress Search Function SQL-Injection
From: Justin Frydman - Thinkweb Media <justin () thinkwebmedia com>
Date: Tue, 27 Feb 2007 15:14:14 -0600
Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then? On Tue, 27 Feb 2007 21:39:55 +0100 (CET), SaMuschie <samuschie () yahoo de> wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 +--------------------------------------- - -- - | SaMuschie Research Labs proudly presents . . . +------------------------------------------- -- - - | Application: wordpress | Version: <= 2.1.1 | Vuln./Exploit Type: SQL-Injection | Status: 0day +----------------------------------------- -- - - | Discovered by: Samenspender | Released: 20070227 | SaMuschie Release Number: 2 +------------------------------- - -- - Searching for a single ,,comma,, generates a sql error message. e.g.: http://wordpress-deutschland.org/?s=, results in: "WordPress Datenbank-Fehler: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ') AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY post_date DE' at line 1] SELECT SQL_CALC_FOUND_ROWS wpdorg_posts.* FROM wpdorg_posts WHERE 1=1 AND () AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY post_date DESC LIMIT 0, 10" +----------------------------- -- - | Lameness Disclaimer +------------------------------------- - -- - - | SaMuschie Research Labs was found to publish | vulnerabilities within well known software products, | which are easy to discover and exploit. | | SaMuschie researchers just spend a minimum of time | and knowledge for each vulnerability. Hence readers of | this advisory are requested not to ask any questions | to the researchers.... they don't know the answer ;) +---------------------------------- - -- - - -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFF5GSdMFgfGpQK8VERAvOWAJwLms5H6b4So3tO19lc3eHMGeNvLwCdHAP8 ZfylSi7g8HINHkpBYzYgUqE= =fBdH -----END PGP SIGNATURE---
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- WordPress Search Function SQL-Injection SaMuschie (Feb 27)
- Re: WordPress Search Function SQL-Injection Justin Frydman - Thinkweb Media (Feb 27)
- Re: WordPress Search Function SQL-Injection ascii (Feb 27)
- Re: WordPress Search Function SQL-Injection Biomech (Feb 28)
- Re: WordPress Search Function SQL-Injection Matthew Flaschen (Feb 27)
- Re: WordPress Search Function SQL-Injection ascii (Feb 27)
- <Possible follow-ups>
- Re: WordPress Search Function SQL-Injection missi (Feb 28)
- Re: WordPress Search Function SQL-Injection Justin Frydman - Thinkweb Media (Feb 27)