lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <0d0b4a392110a4f6f1ab2919c673be7f@localhost>
Date: Tue, 27 Feb 2007 15:14:14 -0600
From: Justin Frydman - Thinkweb Media <justin@...nkwebmedia.com>
To: SaMuschie <samuschie@...oo.de>
Cc: bugtraq@...urityfocus.com, full-disclosure@...ts.grok.org.uk,
	vuln-dev@...urityfocus.com, webappsec@...urityfocus.com
Subject: Re: WordPress Search Function SQL-Injection


Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?

On Tue, 27 Feb 2007 21:39:55 +0100 (CET), SaMuschie <samuschie@...oo.de> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> +--------------------------------------- -  -- -
> | SaMuschie Research Labs proudly presents . . .
> +-------------------------------------------  -- -  -  
> | Application: wordpress
> | Version: <= 2.1.1
> | Vuln./Exploit Type: SQL-Injection
> | Status: 0day
> +----------------------------------------- --  -  -  
> | Discovered by: Samenspender
> | Released: 20070227
> | SaMuschie Release Number: 2
> +------------------------------- -  -- -
> 
> Searching for a single ,,comma,, generates a sql error message.
> 
> e.g.:
> 
> http://wordpress-deutschland.org/?s=,
> 
> results in:
> 
>     "WordPress Datenbank-Fehler: [You have an error in your SQL syntax;
> check the
> manual that corresponds to your MySQL server version for the right syntax
> to 
> use near ') AND (post_type = 'post' AND (post_status = 'publish')) ORDER
> BY 
> post_date DE' at line 1] 
> SELECT SQL_CALC_FOUND_ROWS wpdorg_posts.* FROM wpdorg_posts WHERE 1=1 AND
> () 
> AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY post_date
> DESC
> LIMIT 0, 10"
> 
> +-----------------------------  -- -
> | Lameness Disclaimer
> +------------------------------------- - -- -  -  
> | SaMuschie Research Labs was found to publish
> | vulnerabilities within well known software products,
> | which are easy to discover and exploit.
> | 
> | SaMuschie researchers just spend a minimum of time
> | and knowledge for each vulnerability. Hence readers of 
> | this advisory are requested not to ask any questions
> | to the researchers.... they don't know the answer ;) 
> +----------------------------------  - --  - -
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
> 
> iD8DBQFF5GSdMFgfGpQK8VERAvOWAJwLms5H6b4So3tO19lc3eHMGeNvLwCdHAP8
> ZfylSi7g8HINHkpBYzYgUqE=
> =fBdH
> -----END PGP SIGNATURE---

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ