
Wordpress 2.2 Security Alert SQL Injection Exploit

Update: Note that this SQL Inject “Exploit” can only work if the attacker has obtained a valid username and password for your blog. Otherwise the login check which is run before the $max_results var is used will stop the attack.

Thanks to westi for the info.

It looks like a SQL injection exploit has been found in the XML-RPC interface of WordPress 2.2. Currently no patch or release is available. You can see the proof of concept here. This has been fixed in Trac; you can see it here. The fix requires changing only one line of code in your xmlrpc.php file, which is located in the root directory where WordPress is installed. The XML-RPC file is used by external blog editors to interface with WordPress. To fix this issue yourself, follow the steps outlined below.

Open your xmlrpc.php file with Notepad; I prefer Notepad++.
Find the following lines of code on line 573:


$password               = $args[2];
$category               = $args[3];
$max_results            = $args[4]; 

if(!$this->login_pass_ok($username, $password)) {

Change the $max_results line to:


$max_results            = (int) $args[4];

Source: anieto2k.com
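Why the one-line cast is enough, shown as an added example (not WordPress code and not from the original post): it assumes the value ends up interpolated into a LIMIT clause, and the function names, the `wp_example` table and the sample inputs are constructed for illustration. The range clamp goes one step beyond the post's fix.

```php
<?php
// Added illustration, not WordPress source. The table name, the query shape
// and the function names are assumptions made for this example.

// Before the fix: the XML-RPC argument reaches the SQL text unchanged.
function build_query_unsafe($max_results) {
    return "SELECT id, name FROM wp_example LIMIT {$max_results}";
}

// After the fix: the (int) cast from the post, followed by a range clamp
// (the clamp is an extra hardening step, not part of the original fix).
function build_query_safe($max_results, $ceiling = 100) {
    // XML-RPC can deliver arrays and structs; treat anything non-scalar as 0.
    $n = is_scalar($max_results) ? (int) $max_results : 0;
    // The cast keeps a leading integer and drops whatever follows it;
    // text with no leading digits becomes 0. Clamp the result to 0..$ceiling.
    $n = max(0, min($n, $ceiling));
    return "SELECT id, name FROM wp_example LIMIT {$n}";
}

// Constructed sample values for the fifth XML-RPC argument.
$samples = array('10', ' 25', '10 /* trailing text */', 'abc', '-5', '999999999');

foreach ($samples as $value) {
    echo 'input : ', var_export($value, true), "\n";
    echo 'before: ', build_query_unsafe($value), "\n";
    echo 'after : ', build_query_safe($value), "\n\n";
}
```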

3 Comments


Note that this SQL Inject “Exploit” can only work if the attacker has obtained a valid username and password for your blog. Otherwise the login check which is run before the $max_results var is used will stop the attack.

westi Posted on Tuesday, May 29th, 2007 at 4:15 pm

Thanks for that info, westi. I’ll update the article.

Arpit Jacob Posted on Tuesday, May 29th, 2007 at 4:18 pm

Has this been resolved yet?

okinawa Posted on Sunday, June 1st, 2008 at 5:49 am

6 Trackbacks/Pingbacks

Trackback on May 29, 2007

WordPress and security…

Going purely by feel, the number of WordPress updates and upgrades has increased quite a bit in recent months, not least because of various security holes. That security holes are responded to quickly is not only commendable but also…

Trackback on May 29, 2007

Security in WordPress…

Yet another security leak in WordPress has become known. It affects the file xmlrpc.php
On line 541 the following code can be read.
$max_results = $args[4];
This line makes it possible to read out the wp_users table. This can be fixed in…

Trackback on May 31, 2007

Small leak in WP 2.2…

Through a security hole in the new WordPress 2.2, SQL injections are theoretically possible, at least when user registration is switched on. A user account with the lowest privileges is enough for this. There is currently no patch, but it is also …

Pingback on June 4, 2007

[…] yet another security hole in WordPress 2.2 on XSBlog2.0beta, via Clazh and […]

Pingback on June 4, 2007

[…] Firefox/2.0.0.4″ It is assumed that he used an exploit. Take a look here and here. Better that I put “my beard” in […]

Pingback on June 16, 2007

[…] article (Spanish) and this one (English) explain the existence of a flaw in WordPress 2.2 that allows malicious code to be injected […]


All Rights Reserved. Copyright © 2009, and Design by Arpit Jacob.