| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 27 Feb 2007 15:14:14 -0600 From: Justin Frydman - Thinkweb Media <justin@...nkwebmedia.com> To: SaMuschie <samuschie@...oo.de> Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, vuln-dev@...urityfocus.com, webappsec@...urityfocus.com Subject: Re: WordPress Search Function SQL-Injection Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then? On Tue, 27 Feb 2007 21:39:55 +0100 (CET), SaMuschie <samuschie@...oo.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > +--------------------------------------- - -- - > | SaMuschie Research Labs proudly presents . . . > +------------------------------------------- -- - - > | Application: wordpress > | Version: <= 2.1.1 > | Vuln./Exploit Type: SQL-Injection > | Status: 0day > +----------------------------------------- -- - - > | Discovered by: Samenspender > | Released: 20070227 > | SaMuschie Release Number: 2 > +------------------------------- - -- - > > Searching for a single ,,comma,, generates a sql error message. > > e.g.: > > http://wordpress-deutschland.org/?s=, > > results in: > > "WordPress Datenbank-Fehler: [You have an error in your SQL syntax; > check the > manual that corresponds to your MySQL server version for the right syntax > to > use near ') AND (post_type = 'post' AND (post_status = 'publish')) ORDER > BY > post_date DE' at line 1] > SELECT SQL_CALC_FOUND_ROWS wpdorg_posts.* FROM wpdorg_posts WHERE 1=1 AND > () > AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY post_date > DESC > LIMIT 0, 10" > > +----------------------------- -- - > | Lameness Disclaimer > +------------------------------------- - -- - - > | SaMuschie Research Labs was found to publish > | vulnerabilities within well known software products, > | which are easy to discover and exploit. > | > | SaMuschie researchers just spend a minimum of time > | and knowledge for each vulnerability. Hence readers of > | this advisory are requested not to ask any questions > | to the researchers.... they don't know the answer ;) > +---------------------------------- - -- - - > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFF5GSdMFgfGpQK8VERAvOWAJwLms5H6b4So3tO19lc3eHMGeNvLwCdHAP8 > ZfylSi7g8HINHkpBYzYgUqE= > =fBdH > -----END PGP SIGNATURE--- _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists