Wordpress 1.5.2 Security Flaw
The Gentoo people noticed this SQL escaping bug in Wordpress 1.5.2, which I use to power this blog:
I found the latest stable version of Wordpress (1.5.2) vulnerable to SQL injection. The application is vulnerable as the user_agent HTTP header is not properly escaped when submitting a comment to an article.
In order to trigger the issue:
1. Add a ' into the user agent value of your browser; alternatively, use a proxy such as paros (www.parosproxy.org) to manipulate the HTTP header.
2. Add a new comment containing anything
3. The application will return an error message when trying to perform the INSERT INTO wp_comments.
Fortunately, this sequence will not be triggered if the comments are set to go straight to moderation. I first saw this reported here. I was unable to reproduce this bug on any of my blogs, however, so it may simply be a big bug scare…
This entry was posted on Monday, March 6th, 2006 at 4:30 pm.
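As an added illustration (not code from WordPress or from the original report), the sketch below shows why an unescaped quote in the user-agent value makes the comment INSERT fail, and how bound parameters store the same value intact. It assumes a simplified wp_comments table and uses SQLite in place of WordPress's MySQL database; the function names and sample header values are constructed.

```python
import sqlite3

# Constructed, simplified stand-in for the comments table; not WordPress's real schema.
SCHEMA = """CREATE TABLE wp_comments (
    id INTEGER PRIMARY KEY,
    author TEXT, content TEXT, user_agent TEXT)"""


def new_db():
    """Fresh in-memory database (SQLite used here in place of MySQL)."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def insert_unescaped(db, author, content, user_agent):
    """'Before' form: the header value is pasted into the SQL text as-is."""
    sql = ("INSERT INTO wp_comments (author, content, user_agent) "
           f"VALUES ('{author}', '{content}', '{user_agent}')")
    db.execute(sql)


def insert_bound(db, author, content, user_agent):
    """Hardened form: values travel as bound parameters, never as SQL text."""
    db.execute(
        "INSERT INTO wp_comments (author, content, user_agent) VALUES (?, ?, ?)",
        (author, content, user_agent))


def try_insert(insert_fn, user_agent):
    """Return (ok, stored_user_agent_or_error_text) for one comment submission."""
    db = new_db()
    try:
        insert_fn(db, "alice", "Nice post", user_agent)
    except sqlite3.Error as exc:
        return False, str(exc)
    row = db.execute("SELECT user_agent FROM wp_comments").fetchone()
    return True, row[0]


if __name__ == "__main__":
    # Constructed sample header values: one ordinary, one containing a quote.
    for ua in ("ExampleBrowser/1.0", "Example'Browser/1.0"):
        for fn in (insert_unescaped, insert_bound):
            print(f"{fn.__name__:17} {ua!r:24} -> {try_insert(fn, ua)}")
```

The database error returned by the unescaped form on the quoted value corresponds to the error message in step 3 of the report.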
