lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 9 Mar 2007 13:39:22 -0800 (PST) From: steven@...ebug.org To: "Omid" <omid@...kers.ir> Cc: bugtraq@...urityfocus.com Subject: Re: Sql injection in WordPress 2.1.2 Care to provide a demonstration exploit then? You do realize that $new_cat is just a variable pulled from the $add_cats array, right? Show everyone how you are going to inject SQL into the list of categories. > Hello, > > There is a sql injection in WordPress 2.1.2 (and maybe others) . > A user with "add link" permission (Editor/Administrator) can do this : > > The '$new_cat' variable in "wp_set_link_cats()" function is not checked > properly before be used in the sql query : > > File /wp-admin/admin-db.php, Line 472 : > > $wpdb->query(" > INSERT INTO $wpdb->link2cat (link_id, category_id) > VALUES ($link_ID, $new_cat)"); > > > - Omid >
Powered by blists - more mailing lists