http://crowdfavorite.com/ loads fine here.
On Mon, Mar 1, 2010 at 4:03 PM, Jan G.B. <[email protected]> wrote:
> Hi there,
>
> I just noticed that authenticated users for the admin area of a WordPress
> blog may inject code into database queries when the plugin "Analytics360"
> is activated.
>
> ### BASIC INFORMATION ###
>
> Plugin Name: Analytics360
> Plugin URI:
> http://www.mailchimp.com/wordpress_analytics_plugin/?pid=wordpress&source=website
> Author: Crowd Favorite
> Author URI: http://crowdfavorite.com
>
>
> ### Affected Version ###
>
> Analytics360 v.1.2
> (and earlier versions, I guess…)
>
>
> ### Risk ###
>
> Well, I can't classify this. When you're not insane, you shouldn't have
> people as admins who inject code into the database queries.
> But when you have such admins, or your WP login is collected by phishing
> or something similar, your DB server and data may be at risk.
> It all depends on your setup and permissions. However, the bug is easy to
> fix and so it should be fixed.
>
> http://codex.wordpress.org/Function_Reference/wpdb_Class#Run_Any_Query_on_the_Database
>
>
> ### DETAILS ###
>
> The code contains this evil part in analytics360.php:
> --------
> case 'get_wp_posts':
>     add_filter('posts_where', create_function(
>         '$where',
>         'return $where." AND post_date >= \''.$_GET['start_date'].'\' AND post_date < \''.$_GET['end_date'].'\'";'
>     ));
> --------
>
>
> ### Disclosure Timeline ###
>
> You're the first to know.
> Is anyone able to telnet to crowdfavorite.com:80? As I'm writing this, the
> site is unresponsive.
> So this is what happens when you include a website as contact information:
> you don't get the message.
>
>
> Regards
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
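A hardened version of the quoted 'get_wp_posts' branch, added here as an example; it is not code from the Analytics360 plugin or from Jan G.B.'s post. Two things in the quoted snippet need fixing, not one: the request parameters are spliced unescaped into the SQL WHERE clause, and they are also spliced into the PHP source string that create_function() evaluates, so a double quote in the parameter breaks out of that string literal as well. The example below assumes a WordPress runtime ($wpdb, add_filter, current_user_can, wp_die are the real WordPress APIs); the function names prefixed a360_ are hypothetical.

```php
<?php
// Added example, not the plugin's own code. Hardened replacement for the
// 'get_wp_posts' branch quoted above. Assumes a WordPress runtime; the
// a360_* function names are hypothetical.

/**
 * Validate a YYYY-MM-DD date string and return it normalised, or null.
 * The value must match the pattern and round-trip through DateTime, so
 * "2010-02-30" and "2010-03-01' OR 1=1 -- " are both refused.
 */
function a360_parse_date($value) {
    if (!is_string($value) || !preg_match('/^\d{4}-\d{2}-\d{2}$/', $value)) {
        return null;
    }
    $d = DateTime::createFromFormat('!Y-m-d', $value);
    return ($d && $d->format('Y-m-d') === $value) ? $d->format('Y-m-d') : null;
}

/**
 * Append the date range to the WHERE clause via $wpdb->prepare(), so the
 * values are escaped by the database layer instead of concatenated in.
 */
function a360_date_range_where($where, $start, $end) {
    global $wpdb;
    return $where . $wpdb->prepare(
        ' AND post_date >= %s AND post_date < %s',
        $start,
        $end
    );
}

function a360_handle_get_wp_posts() {
    // Require the capability explicitly rather than trusting that only
    // admins reach this code path.
    if (!current_user_can('manage_options')) {
        wp_die('Insufficient privileges', '', array('response' => 403));
    }

    $start = a360_parse_date(isset($_GET['start_date']) ? $_GET['start_date'] : '');
    $end   = a360_parse_date(isset($_GET['end_date'])   ? $_GET['end_date']   : '');
    if ($start === null || $end === null || $start >= $end) {
        wp_die('Invalid date range', '', array('response' => 400));
    }

    // A closure instead of create_function(): nothing is eval()'d, and the
    // validated values are captured as variables, not pasted into PHP source.
    add_filter('posts_where', function ($where) use ($start, $end) {
        return a360_date_range_where($where, $start, $end);
    });
}
```

Even with prepare() in place, the date whitelist is worth keeping: it turns a malformed request into a 400 before any query runs, and it keeps the values out of the SQL plan entirely if someone later replaces prepare() with string building again.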
