WordPress.org

Possible Blind SQL Injection Issues (2 posts)

  1. Russ Williams
    Member
    Posted 4 years ago #

    It appears that using permalinks there could be a blind SQL injection issue.

    ?s=+and+1%3D1
    ?s=+and+1%3D0

    Put the two strings behind your URL. The two pages should return to the same page; we are just passing 1=1 (true) and 1=0 (false) at the end. The pages should respond in a similar fashion for each, yet we are getting completely different pages for each request.

    A concern?

  2. Francis Crossen
    Member
    Posted 4 years ago #

    I'm getting a consistent 404 for each link (i.e. the same result).
    Maybe it is not a core WordPress issue?
    How do I reproduce?

Topic Closed

This topic has been closed to new replies.
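
For triaging a report like the one in this thread, the following added example (not code from the thread or from WordPress) shows one way the two requests can return different pages without any injection: a keyword search that binds `s` as data matches different posts because the literal text `1=1` and `1=0` differs. The schema, the sample posts and the simplified all-terms search logic are assumptions made for this illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Constructed sample posts; schema and contents are assumptions for this example.
POSTS = [
    (1, "Tautologies", "The condition 1=1 is always true, and it filters nothing."),
    (2, "Contradictions", "The condition 1=0 is always false, and it filters everything."),
    (3, "Hello world", "Welcome to the blog and to this first post."),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, content TEXT)")
    db.executemany("INSERT INTO posts VALUES (?, ?, ?)", POSTS)
    return db

def build_search(query_string):
    """Turn a raw query string into (sql, params) for an all-terms keyword search."""
    # parse_qs decodes '+' to a space and %3D to '=', so s becomes " and 1=1".
    s = parse_qs(query_string.lstrip("?")).get("s", [""])[0]
    terms = s.split()
    clause = "(title LIKE ? ESCAPE '\\' OR content LIKE ? ESCAPE '\\')"
    where = " AND ".join([clause] * len(terms)) or "1"
    params = []
    for term in terms:
        # Escape LIKE wildcards so user text cannot act as a pattern.
        safe = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
        params += [f"%{safe}%", f"%{safe}%"]
    # The statement text depends only on the number of terms, never on their content.
    return f"SELECT id FROM posts WHERE {where} ORDER BY id", params

def search(db, query_string):
    sql, params = build_search(query_string)
    return [row[0] for row in db.execute(sql, params)]

if __name__ == "__main__":
    db = make_db()
    for qs in ("?s=+and+1%3D1", "?s=+and+1%3D0"):
        sql, params = build_search(qs)
        print(qs, "->", search(db, qs), "| bound values:", params)
```

Both requests execute the same statement text; only the bound values differ, so the differing result sets come from text matching rather than from the database evaluating `1=1` or `1=0` as a condition.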