WordPress.org

Forums

SQL Injection in WordPress (6 posts)

  1. 31337_HaX0R
    Member
    Posted 11 years ago #

    Is anyone else aware that you can bypass authentication in WordPress by using SQL Injection? Can we get this fixed soon please?

  2. Root
    Member
    Posted 11 years ago #

    Well thanks for telling the whole world.

  3. Matt Mullenweg
    Troublemaker
    Posted 11 years ago #

    If you think you've found a security problem feel free to email me at any time. I would email you, but the address you used to register is fake.

  4. 31337_HaX0R
    Member
    Posted 11 years ago #

    Hmm... I think I jumped the gun... I've tested this and I'm not seeing a problem. Sorry. My bad.
    From a recent Nessus scan:
    . Vulnerability found on port http (80/tcp) :
    The following URLs seem to be vulnerable to various SQL injection
    techniques :
    /index.php?submit=Search&cat=1&m=' or 1=1--&p=11&s=&
    /index.php?submit=Search&cat=1&m=' or 'a'='a&p=11&s=&
    /index.php?submit=Search&cat=1&m=') or ('a'='a&p=11&s=&
    An attacker may exploit this flaws to bypass authentication
    or to take the control of the remote database.
    Solution : Modify the relevant CGIs so that they properly escape arguments
    Risk Factor : Serious
    See also : http://www.securiteam.com/securityreviews/5DP0N1P76E.html

  5. carthik
    Member
    Posted 11 years ago #

    It seems to be all about MS SQL, not MySql, at least the linked page is all about it.

  6. Matt Mullenweg
    Troublemaker
    Posted 11 years ago #

    We sanitize all those variables, so it shouldn't be a problem. If you do find any problems, be sure to contact the developers in a prompt manner.

Topic Closed

This topic has been closed to new replies.

About this Topic

Tags

No tags yet.