Dangerous SQL Error Information

  • Today, I just registered myself for free WordPress blogging. I was adding categories when this error popped up.
    Database error: [Duplicate entry 'Mood' for key 2]
    INSERT INTO wp_geek_categories (cat_ID, cat_name, category_nicename, category_description, category_parent) VALUES ('0', 'Mood', 'mood', '', '0')
    Yes, I was aware enough when I clicked the add category button for the second time (the update seemed to be hung, for my connection is walking like a slug) but I didn’t expect that WordPress would spit out that dangerous SQL information. WordPress reveals its own database schema. Yummy, I wonder if I could SQL inject it somewhere .. maybe the login stuff. This is just like that IPB, spitting out clear SQL errors.
    The service I use is using WordPress 1.2.

Viewing 2 replies - 1 through 2 (of 2 total)
  • Mark (podz)
    Support Maven

    @podz

    This injection business has been dealt with OK?
    If you are so concerned for your blog, and the blogs of all your fellow WP’ers, then REGISTER here, provide us with a link, and send a list of any and all security concerns to Matt (m at this domain).
    Nope, didn’t think you would.

    I don’t know if WordPress is subject to SQL injection. It could be, as well as any web application based on an SQL database backend. All software has defects; it’s normal. But you have to find defects, and it’s not simple, at least when an application is developed with some security in mind. Reading posts of WordPress “staff”, I guess that they are at least aware of security issues and ready to accept any suggestion about vulnerabilities: that’s good.
    Anyway, I want to underline a sentence in your post, Anonymous: “WordPress reveals its own database schema.”
    IMHO, this sentence is quite a nonsense for an open source application and even more for a web application like WordPress that is released with its code and database schema available worldwide.

  • The topic ‘Dangerous SQL Error Information’ is closed to new replies.
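
The behaviour reported in this thread, raw database error text reaching the browser after a repeated submit, shown next to a handler that keeps the detail in the server log. This is an added example, not WordPress code and not from any poster: Python with an in-memory SQLite table stands in for the MySQL backend, and the unique index on cat_name and the function names are assumptions.

```python
import logging
import sqlite3
import uuid

log = logging.getLogger("blog.db")

INSERT_SQL = (
    "INSERT INTO wp_geek_categories"
    " (cat_name, category_nicename, category_description, category_parent)"
    " VALUES (?, ?, ?, ?)"
)

def open_db():
    # Constructed stand-in for the table named in the reported error.
    # Assumption: the "key 2" in that error is a unique index on cat_name.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE wp_geek_categories ("
        " cat_ID INTEGER PRIMARY KEY AUTOINCREMENT,"
        " cat_name TEXT NOT NULL UNIQUE,"
        " category_nicename TEXT NOT NULL,"
        " category_description TEXT NOT NULL DEFAULT '',"
        " category_parent INTEGER NOT NULL DEFAULT 0)"
    )
    return db

def add_category_verbose(db, name):
    """Reported pattern: driver error and statement are echoed to the page."""
    try:
        db.execute(INSERT_SQL, (name, name.lower(), "", 0))
        return "Category added."
    except sqlite3.Error as exc:
        return f"Database error: [{exc}] {INSERT_SQL}"

def add_category_quiet(db, name):
    """Same insert; the user sees a generic message, detail goes to the log."""
    try:
        db.execute(INSERT_SQL, (name, name.lower(), "", 0))
        return "Category added."
    except sqlite3.IntegrityError:
        # A second click on "add category" is an expected condition, not a fault.
        return "A category with that name already exists."
    except sqlite3.Error:
        # Anything else: log the full traceback under a reference the user can quote.
        ref = uuid.uuid4().hex[:8]
        log.exception("category insert failed ref=%s", ref)
        return f"Something went wrong (reference {ref})."
```
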