WordPress 2.2 Security Alert SQL Injection Exploit

Update: Note that this SQL injection “exploit” can only work if the attacker has obtained a valid username and password for your blog. Otherwise the login check, which runs before the $max_results variable is used, will stop the attack.

Thanks to westi for the Info

A SQL injection exploit has been found in the XML-RPC interface of WordPress 2.2. Currently no patch or release is available. You can see the proof of concept here. The issue has been fixed in Trac; you can see the fix here. It requires changing only one line of code in your XML-RPC.php file, which is located in the root directory where WordPress is installed. The XML-RPC file is used by external blog editors to interface with WordPress. To fix the issue yourself, follow the steps below.

Open your XML-RPC.php file with Notepad (I prefer Notepad++).
Find the following lines of code on line 573:


$password               = $args[2];
$category               = $args[3];
$max_results            = $args[4];

if(!$this->login_pass_ok($username, $password)) {

Change the $max_results line to:


$max_results            = (int) $args[4];
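
Why the cast closes the hole, as an added example that is not part of the original post or of WordPress itself: it assumes $max_results ends up interpolated into a LIMIT clause (the page does not show the query), and the function names and sample inputs are constructed for illustration. The third function goes beyond the one-line fix by also clamping the value.

```php
<?php
// Added illustration, not WordPress code. The LIMIT usage is an assumption
// (the page does not show the query); all inputs below are constructed.

// Before the fix: the client-supplied value reaches the SQL text verbatim.
function limit_unpatched($arg) {
    return " LIMIT {$arg}";
}

// The page's one-line fix: (int) keeps only a leading integer, so nothing
// but an optional sign and digits can reach the query.
function limit_patched($arg) {
    $max_results = (int) $arg;
    return " LIMIT {$max_results}";
}

// Stricter variant (goes beyond the page's fix): treat non-scalars as 0,
// then clamp to 1..$cap so negative or huge values cannot produce a SQL
// error or an unbounded result set.
function limit_clamped($arg, $cap = 100) {
    $n = is_scalar($arg) ? (int) $arg : 0;
    return ' LIMIT ' . max(1, min($cap, $n));
}

$samples = [
    'plain integer'          => 10,
    'numeric string'         => '10',
    'digits + trailing text' => '10 TRAILING SQL TEXT',
    'no leading digits'      => 'TEXT ONLY',
    'negative number'        => '-5',
    'very large number'      => '999999',
    'XML-RPC array value'    => [1, 2, 3],
];

foreach ($samples as $label => $arg) {
    // Arrays cannot be interpolated into a string, so skip that column.
    $before = is_scalar($arg) ? limit_unpatched($arg) : ' (not a string)';
    printf("%-24s before:%-28s cast:%-14s clamped:%s\n",
        $label, $before, limit_patched($arg), limit_clamped($arg));
}
```

Run it with the PHP command-line interpreter; the "before" column shows trailing text surviving into the clause, while the cast and clamped columns only ever contain an integer.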

Source anieto2k.com

3 Responses

Note that this SQL Inject “Exploit” can only work if the attacker has obtained a valid username and password for your blog. Otherwise the login check which is run before the $max_results var is used will stop the attack.

Thanks for that info westi I’ll update the article.

Has this been resolved yet?
