WebApp Sec mailing list archives

Previous By Date Next
Previous By Thread Next

WordPress Search Function SQL-Injection

From: SaMuschie <samuschie () yahoo de>
Date: Tue, 27 Feb 2007 21:39:55 +0100 (CET)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

+--------------------------------------- -  -- -
| SaMuschie Research Labs proudly presents . . .
+-------------------------------------------  -- -  -  
| Application: wordpress
| Version: <= 2.1.1
| Vuln./Exploit Type: SQL-Injection
| Status: 0day
+----------------------------------------- --  -  -  
| Discovered by: Samenspender
| Released: 20070227
| SaMuschie Release Number: 2
+------------------------------- -  -- -

Searching for a single ,,comma,, generates a sql error message.

e.g.:

http://wordpress-deutschland.org/?s=,

results in:

    "WordPress Datenbank-Fehler: [You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version for the right syntax to 
use near ') AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY 
post_date DE' at line 1] 
SELECT SQL_CALC_FOUND_ROWS wpdorg_posts.* FROM wpdorg_posts WHERE 1=1 AND () 
AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY post_date DESC
LIMIT 0, 10"

+-----------------------------  -- -
| Lameness Disclaimer
+------------------------------------- - -- -  -  
| SaMuschie Research Labs was found to publish
| vulnerabilities within well known software products,
| which are easy to discover and exploit.
| 
| SaMuschie researchers just spend a minimum of time
| and knowledge for each vulnerability. Hence readers of 
| this advisory are requested not to ask any questions
| to the researchers.... they don't know the answer ;) 
+----------------------------------  - --  - -
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFF5GSdMFgfGpQK8VERAvOWAJwLms5H6b4So3tO19lc3eHMGeNvLwCdHAP8
ZfylSi7g8HINHkpBYzYgUqE=
=fBdH
-----END PGP SIGNATURE-----


                
___________________________________________________________ 
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de

-------------------------------------------------------------------------
Sponsored by: Watchfire

The Twelve Most Common Application-level Hack Attacks
Hackers continue to add billions to the cost of doing business online 
despite security executives' efforts to prevent malicious attacks. This 
whitepaper identifies the most common methods of attacks that we have seen, 
and outlines a guideline for developing secure web applications. 
Download today!

https://www.watchfire.com/securearea/whitepapers.aspx?id=701500000008fHe
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: