Re: [CentOS] WordPress possible SQL injections [was: SELinux - way of the future or good idea but !!!]

2010-12-22 Thread Leonard den Ottolander
On Tue, 2010-12-21 at 13:44 +0100, Leonard den Ottolander wrote:
> The patch shown in
> http://core.trac.wordpress.org/changeset/16625
>
> prompted me to try a
>
> $ grep -r \=\ \%s\ *
>
> in the web root of a WordPress installation. The matches are a bunch of
> possible SQL injections. Haven't checked the actual code paths,

This turned out to be a wild goose chase: for all matches the substituted
strings are being quoted via wpdb->prepare().

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos


[CentOS] WordPress possible SQL injections [was: SELinux - way of the future or good idea but !!!]

2010-12-21 Thread Leonard den Ottolander
Hello Jerry,

On Thu, 2010-12-02 at 15:34 -0800, Jerry Franz wrote:
> And in an exact example of this, today I needed to update some WordPress
> (WP) installations. Only, for some reason the FTP based autoupdater
> didn't work today.

Do you feel comfortable letting a web application update itself using
FTP or even SSH credentials?

http://wordpress.org/support/topic/filesystem-credentials-very-bad-practice-and-totally-unnecessary

https://bugzilla.redhat.com/show_bug.cgi?id=659294

The patch shown in
http://core.trac.wordpress.org/changeset/16625

prompted me to try a

$ grep -r \=\ \%s\ *

in the web root of a WordPress installation. The matches are a bunch of
possible SQL injections. Haven't checked the actual code paths, but note
how all these strings are unescaped and potentially allow the addition
of extra statements using ';'.

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research

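As an added example (not code from this thread or from WordPress), the following Python script narrows the `grep -r '= %s'` audit from the original message to matches whose enclosing statement never calls $wpdb->prepare(), which is the check the follow-up message did by hand. The PHP sample is constructed for illustration, and the statement splitting is a ';'-based heuristic rather than a PHP parser.

```python
"""Audit PHP source for '= %s' SQL placeholders that are not passed through
$wpdb->prepare() (which quotes and escapes %s substitutions). Heuristic only."""
import re

# Constructed PHP sample (not WordPress code): two unprepared placeholders,
# two prepared ones, one prepare() call spanning several lines.
SAMPLE_PHP = r"""<?php
$wpdb->query("UPDATE $wpdb->posts SET post_status = %s WHERE ID = %d");   // unprepared
$wpdb->get_row($wpdb->prepare("SELECT * FROM $wpdb->users WHERE user_login = %s", $login));
$sql = $wpdb->prepare(
    "SELECT ID FROM $wpdb->posts WHERE post_name = %s AND post_type = %s",
    $slug, $type
);
$raw = "DELETE FROM $wpdb->options WHERE option_name = %s";
$wpdb->query(sprintf($raw, $name));   // sprintf() is not prepare(): still unquoted
"""

PLACEHOLDER = re.compile(r"=\s*%s")                  # the pattern behind the thread's grep
PREPARE = re.compile(r"\$wpdb\s*->\s*prepare\s*\(")  # the call that quotes the value
STMT_END = re.compile(r";\s*(//.*|#.*)?$")           # ';' optionally followed by a comment

def split_statements(php):
    """Group source lines into ';'-terminated statements as [(lineno, text), ...].
    Heuristic: a ';' inside a string literal or comment would split wrongly."""
    stmts, buf = [], []
    for lineno, line in enumerate(php.splitlines(), 1):
        buf.append((lineno, line))
        if STMT_END.search(line):
            stmts.append(buf)
            buf = []
    if buf:
        stmts.append(buf)
    return stmts

def find_unprepared(php):
    """Return [(lineno, stripped_line)] for '= %s' placeholders whose statement
    contains no $wpdb->prepare() call; prepared statements are skipped as
    the false positives the follow-up message describes."""
    hits = []
    for stmt in split_statements(php):
        text = "\n".join(line for _, line in stmt)
        if PREPARE.search(text):
            continue
        for lineno, line in stmt:
            if PLACEHOLDER.search(line):
                hits.append((lineno, line.strip()))
    return hits

if __name__ == "__main__":
    for lineno, line in find_unprepared(SAMPLE_PHP):
        print(f"line {lineno}: {line}")
```

Run it over a real web root by reading each .php file into `find_unprepared()`; a hit means the value reaches the query string without prepare()'s quoting and needs a manual look at the code path.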