http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability Always something worth reading... Fri, 12 Mar 2010 11:09:45 +0000 http://wordpress.org/?v= hourly 1 http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/comment-page-1#comment-6550 BlogSecurity » Blog Archive » WordPress Insecure by Design? Tue, 22 Jan 2008 20:47:16 +0000 http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/#comment-6550 [...] security and exploit a UTF-7 SQL Injection exploit some time ago. Another example of this, was Abel Cheung’s Charset SQL Injection vulnerability, published last month (which in theory should still be [...] [...] security and exploit a UTF-7 SQL Injection exploit some time ago. Another example of this, was Abel Cheung’s Charset SQL Injection vulnerability, published last month (which in theory should still be [...]

]]> http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/comment-page-1#comment-6113 Wordpress 2.3.1 Charset SQL Injection Vulnerability | MySQL Security Wed, 12 Dec 2007 06:55:23 +0000 http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/#comment-6113 [...] more from the original source: Wordpress 2.3.1 Charset SQL Injection Vulnerability ftp securityftp securityRelated Posts [waraxe-2007-SA#059] - XSS in WordPress [...] [...] more from the original source: Wordpress 2.3.1 Charset SQL Injection Vulnerability ftp securityftp securityRelated Posts [waraxe-2007-SA#059] – XSS in WordPress [...]

]]> http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/comment-page-1#comment-6107 Abel Cheung Tue, 11 Dec 2007 20:08:22 +0000 http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/#comment-6107 My stupidity. Although I originally intend to say removing the function entirely, it was written in such bad way that, the meaning end up like what Flo said. Will update advisory soon. My stupidity. Although I originally intend to say removing the function entirely, it was written in such bad way that, the meaning end up like what Flo said. Will update advisory soon.

]]> http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/comment-page-1#comment-6105 Philipp Tue, 11 Dec 2007 19:00:59 +0000 http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/#comment-6105 I can't talk for Abel, but mostly I believe he's aiming at removing it in such a way that it's not working at all anymore(although no direct link to it) I can’t talk for Abel, but mostly I believe he’s aiming at removing it in such a way that it’s not working at all anymore(although no direct link to it)

]]> http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/comment-page-1#comment-6103 Flo Tue, 11 Dec 2007 18:44:26 +0000 http://blogsecurity.net/wordpress/wordpress-231-charset-sql-injection-vulnerability/#comment-6103 I doubt that removing search from the theme would help much. One could still trigger the search (and therefore the exploit) over the URL, even if no results were shown. I doubt that removing search from the theme would help much. One could still trigger the search (and therefore the exploit) over the URL, even if no results were shown.

]]>