WordPress.org

Ready to get started?Download WordPress

Forums

Sql injection on 2.6.2? (1 post)

  1. Nicola Colonna
    Member
    Posted 5 years ago #

    Hi all, tonight my wassup plugin alert me on this attempt:

    http://www.nicolacolonna.it/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/
    http://www.nicolacolonna.it/index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/

    my home page is http://www.nicolacolonna.it. I try the link, and the answer is "No page found". I search in html code but i don't find any password information.

    I know sql language, and I understand what the query try to do. It can be dangerous in this versione of wordpress (2.6.2)?

    p.s. sorry for my english, I'm italian!

Topic Closed

This topic has been closed to new replies.

About this Topic