Comments on: WordPress 2.3.1 SQL Injection Vulnerability

By: Vladimir

Vladimir — Mon, 16 Jun 2008 06:20:37 +0000

Actually, this “hack” allows to gather enough information to launch another attack and gain admin privileges :-) For 2.3.x branch.

Sorry, I won’t publish details.

By: Nueva Vulnerabilidad en Wordpress « Celciuz’s Weblog

Nueva Vulnerabilidad en Wordpress « Celciuz’s Weblog — Wed, 02 Jan 2008 01:12:37 +0000

[...] otherz: Remote SQL inyection on Wordpress 2.3.1 [...]

By: WordPress 2.3.2 推出 by BloggingPro China

WordPress 2.3.2 推出 by BloggingPro China — Mon, 31 Dec 2007 03:53:58 +0000

[...] btw: 很早前我就看到了 WP 2.3.1 SQL 注入的漏洞，并且测试了几个 Blog 确实管用 -_-b。考虑到安全问题，没有报道。现在有了解决办法，说出来也无妨了。如果您需要了解细节，转向到这里来看 [...]

By: Urgent Security Update to Wordpress « Zit Seng’s Superwall

Urgent Security Update to Wordpress « Zit Seng’s Superwall — Sun, 30 Dec 2007 04:41:27 +0000

[...] necessitated an urgent security release. Wordpress 2.3.2 is now available. One of the problem is a SQL Injection Vulnerability that exposes internal information about your Wordpress installation. These are common problems that [...]

By: WordPress Wednesday News: WordPress Theme Viewer Waits, New Social Network, Security Issues, Austin Grows, Gravatars Enabled, WordPress Books, Matt Cutts, and More : The Blog Herald

Thu, 13 Dec 2007 04:15:33 +0000

[...] Blog Security – WordPress information disclosure vulnerability [...]

By: BlogSecurity » Blog Archive » wpdberrors plugin: removing WordPress DB errors

Tue, 11 Dec 2007 13:40:08 +0000

[...] recent WordPress information disclosure vulnerability demonstrates the potential dangers of having these error messages displayed to the user. It leaks [...]

By: Ozh

Ozh — Tue, 11 Dec 2007 08:40:25 +0000

Yet another “OMG SQL HAX VULNERABILITY” critical alert that I cannot reproduce on any of my blogs, running on different software combinations.

The sad thing is that everybody’s relaying this information. The saddest thing is that the so called experts who found this bother as usual more about exposure than sharing their findings with developpers. This is pathetic.

By: blad3

blad3 — Tue, 11 Dec 2007 08:39:44 +0000

It would better to try to reproduce the vulnerability before posting it on your blog. A lot of lamers are posting crap on security lists without testing or even understanding what they found. Don’t help them get more attention.

By: Michael Clark

Michael Clark — Mon, 10 Dec 2007 22:07:48 +0000

I’m unable to reproduce this as well. Maybe it only works on specific versions of MySQL.

By: blogator.de » Blog Archive » SQL Injection for WordPress 2.3.1

blogator.de » Blog Archive » SQL Injection for WordPress 2.3.1 — Mon, 10 Dec 2007 21:58:50 +0000

[...] ist mal wieder so weit. Es gibt eine SQL Injection. Aktuell soll es noch keinen Patch geben. Evtl. kann aber dieses hier helfen. Ansonsten hilft ein [...]