Sql injection on 2.6.2?
-
Hi all, tonight my wassup plugin alert me on this attempt:
http://www.nicolacolonna.it/index.php?cat=%2527+UNION+SELECT+CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58))+FROM+wp_users+where+id=1/
http://www.nicolacolonna.it/index.php?cat=999+UNION+SELECT+null,CONCAT(666,CHAR(58),user_pass,CHAR(58),666,CHAR(58)),null,null,null+FROM+wp_users+where+id=1/my home page is http://www.nicolacolonna.it. I try the link, and the answer is “No page found”. I search in html code but i don’t find any password information.
I know sql language, and I understand what the query try to do. It can be dangerous in this versione of wordpress (2.6.2)?
p.s. sorry for my english, I’m italian!
- The topic ‘Sql injection on 2.6.2?’ is closed to new replies.