Title: SQL Injection
Last modified: August 20, 2016

---

# SQL Injection

 *  [aramosf](https://wordpress.org/support/users/aramosf/)
 * (@aramosf)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/sql-injection-3/)
 * Hello again,
 * Bad news, there are a lot of SQL injection vulnerabilities in the code. For 
   example, the file admin/luc_admin.php has an unvalidated `$querylimit`.
 * (one example)
   ```php
   […]
   $querylimit = (isset($_POST['hitsrows']) ? $_POST['hitsrows'] : $StatPressV_Option['StatPressV_Rows_Per_Latest']);
   […]
   // As reported: $querylimit comes straight from POST and is interpolated into the LIMIT clause.
   $rks = $wpdb->get_results("SELECT date, time, ip, urlrequested, os, browser, feed, user, language, country, post_title FROM $table_name WHERE (os<>'' OR browser<>'') AND `spider` NOT LIKE '%Spam Bot%' ORDER BY id DESC LIMIT $querylimit;");
   ```
 * […]
    As far as I know, exploiting after "LIMIT" is not easy/trivial, but the vulnerability
   exists and should be fixed.
 * I didn't check the entire code, so maybe other files have more.
 * Regards.
 * [http://wordpress.org/extend/plugins/statpress-visitors/](http://wordpress.org/extend/plugins/statpress-visitors/)

Viewing 5 replies - 1 through 5 (of 5 total)

 *  Plugin Author [luciole135](https://wordpress.org/support/users/luciole135/)
 * (@luciole135)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/sql-injection-3/#post-3531728)
 * Hi,
    Thank you for your interest in this issue; your suggestion is precious
   to me. This part of the code is only accessible from the WordPress admin. This
   complicates the task enormously, because the attack must pass through the WordPress
   administration, which is itself secure. This limit is chosen via a drop-down list
   on the main page and I do not see how it is possible to break it. In these circumstances,
   do you really believe it is important to ensure that this limit is an integer
   between 5 and 500? If you think so, I will do it. But all the options aren't validated
   either! Regards
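The fix both posts are circling (clamp the rows value to an integer in [5, 500], then stop interpolating it into the query) looks like the following. This is an added example, not the plugin's own code: the function names `statpress_sanitize_rows` and `statpress_latest_hits` are invented for illustration, and it assumes the `$wpdb`, `$table_name`, `$StatPressV_Option` and `hitsrows` names quoted in the thread.

```php
<?php
// Added example (not from the plugin): validate the "rows per page" option
// before it reaches a LIMIT clause, and bind it through $wpdb->prepare().
// Names assumed from the thread: $wpdb, $table_name, $StatPressV_Option,
// the 'hitsrows' POST field. statpress_* function names are hypothetical.

/**
 * Clamp an untrusted "rows" value to an integer in [5, 500].
 * Anything that is not a plain 1-3 digit string falls back to $default,
 * because (int) "10 OR 1=1" would quietly yield 10 and hide the tampering.
 */
function statpress_sanitize_rows( $raw, $default = 20 ) {
    $default = max( 5, min( 500, (int) $default ) );
    if ( ! is_scalar( $raw ) || ! preg_match( '/^\d{1,3}$/', (string) $raw ) ) {
        return $default;
    }
    $n = (int) $raw;
    return ( $n < 5 || $n > 500 ) ? $default : $n;
}

/**
 * Hardened version of the reported query. $table_name is built from
 * $wpdb->prefix (not user input), so it stays interpolated; the LIMIT value
 * and the LIKE pattern are bound with %d / %s so $wpdb->prepare() casts
 * and quotes them.
 */
function statpress_latest_hits( $wpdb, $table_name, array $post, $option_default ) {
    $querylimit = statpress_sanitize_rows(
        isset( $post['hitsrows'] ) ? $post['hitsrows'] : $option_default,
        $option_default
    );

    $sql = $wpdb->prepare(
        "SELECT date, time, ip, urlrequested, os, browser, feed, user, language, country, post_title
           FROM {$table_name}
          WHERE (os <> '' OR browser <> '') AND `spider` NOT LIKE %s
          ORDER BY id DESC
          LIMIT %d",
        '%Spam Bot%',
        $querylimit
    );

    return $wpdb->get_results( $sql );
}

// Constructed inputs showing the clamp, as a quick self-check outside WordPress:
//   statpress_sanitize_rows( '25', 20 )        -> 25   (accepted)
//   statpress_sanitize_rows( '1000', 20 )      -> 20   (out of range, default)
//   statpress_sanitize_rows( '10 OR 1=1', 20 ) -> 20   (not a plain number, default)
//   statpress_sanitize_rows( array(), 20 )     -> 20   (non-scalar, default)
```

Even with `%d` in `prepare()` doing the casting, the explicit whitelist check is worth keeping: it lets the caller log and reject a tampered value instead of silently running the query with whatever integer prefix the cast produced.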
 *  Thread Starter [aramosf](https://wordpress.org/support/users/aramosf/)
 * (@aramosf)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/sql-injection-3/#post-3531805)
 * Hello,
 * You can bypass the "validation" of the drop-down list just by POSTing the string
   you want, with some tool or manually, for example with a simple curl command.
   You only need the correct wp-admin SESSION to do that.
 * As you said, it's only in the WordPress administration, but what happens if the
   MySQL user is root? You can read contents from other databases, or the file system,
   or maybe run commands in the OS. Remember that in WordPress there are other kinds
   of users, like editors, contributors, etc.
 * Regards
 *  Plugin Author [luciole135](https://wordpress.org/support/users/luciole135/)
 * (@luciole135)
 * [13 years, 2 months ago](https://wordpress.org/support/topic/sql-injection-3/#post-3531806)
 * Indeed, there are people such as contributors, users who can access the WordPress
   admin. The enemy can come from within!
    I will validate all entries on pages 
   to prevent them from attempting to achieve this feat. It will take some time.
   Regards
 *  Thread Starter [aramosf](https://wordpress.org/support/users/aramosf/)
 * (@aramosf)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/sql-injection-3/#post-3531992)
 * Hello!
 * Any news about that?
 * Regards
 *  Plugin Author [luciole135](https://wordpress.org/support/users/luciole135/)
 * (@luciole135)
 * [13 years, 1 month ago](https://wordpress.org/support/topic/sql-injection-3/#post-3531993)
 * According to my tests, injection attempts through the drop-downs fail because of the 
   AJAX processing.
    I am finalizing the new version; it is taking me more time than
   expected.

The topic ‘SQL Injection’ is closed to new replies.

 * 5 replies
 * 2 participants
 * Last reply from: [luciole135](https://wordpress.org/support/users/luciole135/)
 * Last activity: [13 years, 1 month ago](https://wordpress.org/support/topic/sql-injection-3/#post-3531993)
 * Status: not resolved