[Plugin: Search Light] Potential for SQL Attacks

  • lachlan.mcdonald

    (@lachlanmcdonald)


    14 years, 5 months ago

    Perhaps I have missed something; but there doesn’t seem to be any kind of input sanitisation going on. If you look at the itsas_sqlWhere() and itsas_search() functions, it seems that the SQL queries are being constructed WITHOUT any safe-guards against SQL injection attacks.

    No where is $wpdb->prepare() or mysql_real_escape_string() called. If no sanitisation is present, this represents a massive security problem for the plugin users.

    http://wordpress.org/extend/plugins/search-light/

Viewing 3 replies - 1 through 3 (of 3 total)
  • Mark (podz)

    (@podz)

    14 years, 5 months ago

    Thanks – I’ve closed the plugin so the author – who I will notify – can investigate. It will be back when it is okay.

    Sabinou

    (@sabinou1)

    14 years, 1 month ago

    Dang, so that’s why the plugin’s page is gone. Can’t blame you.

    WordPress.org needs a “this plugin has been taken down because…” clause, I’m serious about it 🙁

    Edit : just found the Shortcoder plugin, because of an xss issue, has been temporarily removed until a new version is issued.
    I’ll insist again : the wordpress project NEEDS a special page to tell a plugin has been taken down, even if no reason is provided (providing one would be much better, of course, but it would be more work), treating plugins as if they never existed is definitely the wrong way.

    Sabinou

    (@sabinou1)

    14 years, 1 month ago

    Please, I’m asking just in case, since the plugin’s dev did nothing in 3 months and his latest blog post regarding the plugin is OOOOOOOOLD…

    Is it allowed to submit a fixed version of the code, or something like that ? Is forking recommended instead, or is it downright forbidden ?

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘[Plugin: Search Light] Potential for SQL Attacks’ is closed to new replies.