Ticket #4357 (closed defect: fixed)

Opened 1 year ago

Last modified 1 year ago

2.2 remote SQL injection exploit, user registration, xmlrpc.php.

Reported by: drhallows
Assigned to: anonymous
Priority: highest omg bbq
Milestone: 2.2.1
Component: Security
Version: 2.2.1
Severity: blocker
Keywords:
Cc:

Description (Last modified by foolswisdom)

WordPress 2.2 remote SQL injection exploit, user registration, xmlrpc.php.

Apply [5570] int cast to 2.2 branch

Change History

05/29/07 02:50:37 changed by rob1n

  • status changed from new to closed.
  • resolution set to fixed.

(In [5584]) Apply [5570] to 2.2. fixes #4357

05/29/07 18:07:17 changed by foolswisdom

  • summary changed from Int cast. to Changeset 5570 for 2.2.1 (branch), Int cast..

05/29/07 20:42:22 changed by rob1n

  • summary changed from Changeset 5570 for 2.2.1 (branch), Int cast. to Apply [5570] int cast to 2.2 branch.

(follow-up: ↓ 5 ) 06/06/07 16:19:29 changed by Otto42

Note: Exploit code for this (fixed) bug is in the wild:

http://www.milw0rm.com/exploits/4039
http://wordpress.org/support/topic/120857

This bug enabled Remote SQL Injection. Might want to put the latest 2.2 out there quickly?

(in reply to: ↑ 4 ) 06/06/07 16:36:37 changed by westi

Replying to Otto42:

Note: Exploit code for this (fixed) bug is in the wild: http://www.milw0rm.com/exploits/4039 http://wordpress.org/support/topic/120857 This bug enabled Remote SQL Injection. Might want to put the latest 2.2 out there quickly?

If I read this correctly - isn't the exploit only viable if you have a valid username/password combo to use, as there is a login check?

It is therefore only really serious for blogs with user registration enabled.

06/06/07 16:49:27 changed by Otto42

Yes, you are correct, you must have at least one valid user/pass combo. It says as much in the exploit code (after running it through Google Translate).

06/08/07 17:16:16 changed by foolswisdom

  • priority changed from high to highest omg bbq.
  • summary changed from Apply [5570] int cast to 2.2 branch to 2.2 remote SQL injection exploit, user registration, xmlrpc.php..
  • description changed.
  • severity changed from major to blocker.

Now widely published.

WordPress version 2.2 remote SQL injection exploit that makes use of xmlrpc.php.
http://packetstormsecurity.org/0706-exploits/wp22xmlrpc-sql.txt

http://kev.coolcavemen.com/2007/06/wordpress-22-security-hole-identity-theft/