A few days ago I had a bunch of pimply faced little script kiddiez send their botnet against my site, firing off a tonne of weak RFI attempts (one of them even tried to exploit a phpBB vulnerability... you guys are so cool you can't even tell I'm running WordPress and not a forum?).
So, I posted a blog making fun of them. Probably not the best idea, on the off chance that one of their little friends might actually have some actual skills. Nevertheless, I felt they deserved some public humiliation -- I also managed to get one of their botnet servers shut off, but I'm no hacker so that was through the proper channels.
Anywho, I seem to have pissed them off because they're back, trying some new SQL injection attacks (that's a step up I guess) that are actually targeted at WordPress (at least they figured that much out).
They tried running a union query to get my password, and I was just curious if there is or ever was a version of WordPress that was vulnerable to this kind of low-level attack?
?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/*
and
?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/*
PS: I realize that's not what the forum meant when it was titled "Plugins and Hacks" but I thought it was ironically appropriate.
PPS: I put 2.8.6 in the version, but it's showing up as 2.8.5...
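An added example, not part of the original post: a small Python check that finds requests like the two quoted above in a web access log. It assumes Apache-style log lines and that `cat` normally carries numeric category IDs; the sample log lines, IP addresses and all function and regex names are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed log lines (documentation IPs); the two attack query strings are the ones quoted in the post.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2010:10:00:00 +0000] "GET /?cat=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:05 +0000] "GET /?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/* HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2010:10:00:09 +0000] "GET /?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/* HTTP/1.1" 200 5120',
    '198.51.100.4 - - [01/Jan/2010:10:01:00 +0000] "GET /?s=student+union+select+committee HTTP/1.1" 200 4096',
]
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_IDS = re.compile(r"-?\d+(?:,-?\d+)*\Z")  # assumption: cat holds numeric category IDs
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
CRED_TARGET = re.compile(r"user_pass|\w*_users\b", re.I)
PCT_ESCAPE = re.compile(r"%[0-9a-fA-F]{2}")

def decode_layers(raw, max_rounds=3):
    """URL-decode until no %XX escapes remain, so %2527 -> %27 -> ' is exposed."""
    text, rounds = unquote_plus(raw), 1
    while rounds < max_rounds and PCT_ESCAPE.search(text):
        text, rounds = unquote_plus(text), rounds + 1
    return text, rounds

def classify(query):
    """Return {param: tags} for query parameters that warrant an alert."""
    alerts = {}
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        text, rounds = decode_layers(raw)
        tags = {tag for tag, hit in (
            ("double-encoded", rounds > 1),
            ("non-numeric-cat", name == "cat" and not NUMERIC_IDS.match(text)),
            ("union-select", UNION_SELECT.search(text)),
            ("credential-table", CRED_TARGET.search(text)),
        ) if hit}
        # UNION SELECT alone also appears in ordinary search text: require corroboration.
        if "non-numeric-cat" in tags or {"union-select", "credential-table"} <= tags:
            alerts[name] = tags
    return alerts

def scan(lines):
    """Return [(line_number, alerts)] for log lines whose request trips classify()."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        alerts = classify(m.group(1).partition("?")[2]) if m else {}
        if alerts:
            hits.append((lineno, alerts))
    return hits
```

`scan(SAMPLE_LOG)` reports lines 2 and 3 and leaves the benign search for "student union select committee" alone, because a bare UNION SELECT match is not treated as sufficient on its own.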