Posted 3 years ago #
I searched and didn't see any mention of today's Bugtraq posting on SQL injection. Looks like one is a path disclosure issue, no biggie, but I'm not sure about the other (I don't yet run WP, so I can't test- I'm in the pre-install evaluation stage.) The example given for 2.0.5 makes me a bit nervous though. Since I don't see an obvious place for security stuff, I figured I'd try here- any comments?
The relevant bit:[Edit - code removed. It will be passed on - Podz]
Thanks,
Paul
Posted 3 years ago #
2.0.5 ? are you sure about that ? because the most recent stable version is 2.0.4 and as far as i know that wordpress version 2.0.4 is the most secure version of wordpress as for now except that if you're using WP-DB Backup plugin (its already fixed)
Well yes it refers to 2.0.5 which doesn't exist.
And as far as I can see it doesn't do anything anyway.
Someone looking for fame I expect.
someone who already has fame; google the email addy of the reporter: http://www.google.com/search?hl=en&lr=&q=vannovax%40gmail.com&btnG=Search
Posted 3 years ago #
I'm not sure how the subversion versions are numbered, but I did notice the version number discrepency. I'm also not sure if the path disclosure issue was also related to the other half-a-bazillion scripts listed in the posting, which I didn't cut and paste.
Path disclosure issues are generally precursors to other types of attack, since once you know where something lives, you can either find where something exploitable lives or use that as a basis for getting something on the box and then calling it from elsewhere. If nothing else is exploitable, then they're really not that big a deal.
It's not the most informative Bugtraq posting ever, but two things worried me- the first is any time I see the term "SQL injection" followed by a URL with "Create Table" in it- that tends to set off alarm bells.
The second thing is that there's no obvious security link on the WP site. This means that (a) I'm not sure if the Bugtraq poster was just a jerk, or if they couldn't figure out who to contact before doing the posting, or (b) if they did contact someone but there's no way for an interested party to figure that out.
Paul
Subversion versions are still numbered with normal version numbers - there is no version of WordPress that has been called 2.0.5. There is 2.0.4 or 2.1 which is the current development version.
The path disclosure issue - is not an issue period.
If you feel it is an issue then you should configure the server to not show warnings / errors.
And anyway you only have to download the open source code to know all the files names so hiding them wouldn't protect against anything.
I have tested the supposed exploit and it does nothing.
This topic has been closed to new replies.
