WordPress 2.5 Admin Login SQL Injection Rumour
BlogSec received an email yesterday with a rumour that an SQL Injection issue has been found in the WordPress 2.5 admin login screen.
There is currently no evidence to back up this claim, and we have received no further information. As time permits, we will investigate this issue further.
Comments
That’s why you should always put your admin-interfaces behind a htaccess password-check (maybe even IP and useragent check).
Malte, I’m always a little reluctant to upgrade to a new release. It’s sometimes wiser to hang back and wait a couple versions.
[...] they report at BlogSecurity.net that yesterday they received an email with the rumour that an injection vulnerability has been found [...]
[...] nothing is certain, but BlogSecurity is investigating a possible security flaw in WordPress 2.5. At present it is only a [...]
[...] BlogSecurity.net, found out that Wordpress 2.5, the newest stable version of wordpress blog software, that an issue [...]
[...] the rumour has surfaced on blogsecurity.net that the newest WP version 2.5 also has a security hole in the [...]
Ozh why do you think so? It’s some possibility and as WP is widely used it should be fixed as soon as possible, if it has a security hole. So if we can bring attention to the user we might find out if there’s a hole or not. As possible victims could bring it into connection with WP 2.5
[...] floating around because recent news suggests that WP 2.5 appears pretty safe, at this stage. Only rumors of some potential issues. A milw0rm search for wordpress 2.5 returns no [...]
[...] first signs of a possible security hole in the WordPress login page, as BlogSecurity reports. So anyone who wants to stay on the safe side and does not absolutely need any of the new features should [...]
Has this issue ever come to a head? There is controversy and discussion in Sphinn forum about this matter as we speak. Has it been proven? Are there SQL vulnerabilities?
spostareduro, an SQL Injection issue has been found in 2.5. The details have not yet been published.
[...] on track with my precarious budget. And with resign, at the end of such a day I read about the rumors of a sql injection attack on the wordpress admin login . Damnit. I really, REALLY need to sleep. And see the sun before summer hits. But as it [...]
[...] few days, a rumour has been circulating about a security flaw in the latest version of Wordpress 2.5. Rumour [...]
[...] malicious rumour the supposed report of a possible SQL injection vulnerability in the WordPress 2.5 login screen. Or so Matt has said, in great detail, on his [...]
[...] Matthew Mullenweg on his blog, version 2.5 of WordPress contains no vulnerabilities, in connection with a possible security flaw. In any case, good old Matt advises us to take three basic measures to avoid [...]
I have been hacked almost daily. I have 2.5.1 plus all the hardening suggestions, but some hacker is still able to inject my wp_options and wp_users.
Help WordPress!
MJ, hopefully our new scanner project will help in situations like this where the vulnerability may be non-blog related.
I’d suggest backing up your data and then re-installing it.
Backing up my data 6 times a day has saved my bacon.
My last move was to change the table prefix of my database, drop and re-import my data.
I like to understand more about where the holes are. Is it the Wordpress code or the MySql database?
You can use wordpress stealth login like this tutorial http://xtremenitro.org/2008/12/29/stealth-login-secure-your-wordpress-login.html




[...] Rumour that I found at BlogSecurity. According to them, yesterday they received an email, which indicated that in the administration login of [...]