Sql injection on 2.6.2? | WordPress.org

nicola-colonna
(@nicola-colonna)

15 years, 6 months ago

Hi all, tonight my wassup plugin alert me on this attempt:

http://www.nicolacolonna.it/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/
http://www.nicolacolonna.it/index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/

my home page is http://www.nicolacolonna.it. I try the link, and the answer is “No page found”. I search in html code but i don’t find any password information.

I know sql language, and I understand what the query try to do. It can be dangerous in this versione of wordpress (2.6.2)?

p.s. sorry for my english, I’m italian!

The topic ‘Sql injection on 2.6.2?’ is closed to new replies.

Tags

sql injection

In: Fixing WordPress
0 replies
1 participant
Last reply from: nicola-colonna
Last activity: 15 years, 6 months ago
Status: not resolved

Topics

Topics with no replies

Non-support topics

Resolved topics

Unresolved topics

All topics