Can't replicate this in 2.0.7. Is this only for the 2.1.x branch then?

On Tue, 27 Feb 2007 21:39:55 +0100 (CET), SaMuschie <samuschie@xxxxxxxx> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> +--------------------------------------- - -- -
> | SaMuschie Research Labs proudly presents . . .
> +------------------------------------------- -- - -
> | Application: wordpress
> | Version: <= 2.1.1
> | Vuln./Exploit Type: SQL-Injection
> | Status: 0day
> +----------------------------------------- -- - -
> | Discovered by: Samenspender
> | Released: 20070227
> | SaMuschie Release Number: 2
> +------------------------------- - -- -
>
> Searching for a single ,,comma,, generates an SQL error message.
>
> e.g.:
>
> http://wordpress-deutschland.org/?s=,
>
> results in:
>
> "WordPress Datenbank-Fehler: [You have an error in your SQL syntax;
> check the manual that corresponds to your MySQL server version for the
> right syntax to use near ') AND (post_type = 'post' AND (post_status =
> 'publish')) ORDER BY post_date DE' at line 1]
> SELECT SQL_CALC_FOUND_ROWS wpdorg_posts.* FROM wpdorg_posts WHERE 1=1 AND ()
> AND (post_type = 'post' AND (post_status = 'publish')) ORDER BY post_date DESC
> LIMIT 0, 10"
>
> +----------------------------- -- -
> | Lameness Disclaimer
> +------------------------------------- - -- - -
> | SaMuschie Research Labs was found to publish
> | vulnerabilities within well known software products,
> | which are easy to discover and exploit.
> |
> | SaMuschie researchers just spend a minimum of time
> | and knowledge for each vulnerability. Hence readers of
> | this advisory are requested not to ask any questions
> | to the researchers.... they don't know the answer ;)
> +---------------------------------- - -- - -
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFF5GSdMFgfGpQK8VERAvOWAJwLms5H6b4So3tO19lc3eHMGeNvLwCdHAP8
> ZfylSi7g8HINHkpBYzYgUqE=
> =fBdH
> -----END PGP SIGNATURE---
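An added illustration, not code from WordPress or from the advisory: a simplified reconstruction of how a search clause built by splitting the term on commas and spaces collapses to the `AND ()` fragment seen in the quoted error when the input is only separators, beside a builder that checks for an empty term list and binds the terms as parameters. The table, rows and helper names are constructed; the column names only mirror those in the quoted query.

```python
import re
import sqlite3

# Constructed sample rows standing in for a posts table (not WordPress's schema).
SAMPLE_POSTS = [
    (1, "Hello world", "First post", "post", "publish"),
    (2, "Security notes", "Comma, separated, words", "post", "publish"),
    (3, "Draft", "not visible", "post", "draft"),
]

def split_terms(s):
    """Split the search string on commas and whitespace, dropping empty pieces."""
    return [t for t in re.split(r"[\s,]+", s) if t]

def build_search_naive(s):
    """Failure mode: terms are spliced into the SQL text and nothing checks whether
    any term survived splitting. Input made only of separators leaves no terms,
    so the clause degenerates to ' AND ()' and the database rejects the query."""
    likes = " OR ".join(
        f"post_title LIKE '%{t}%' OR post_content LIKE '%{t}%'" for t in split_terms(s)
    )
    return f" AND ({likes})"

def build_search_safe(s):
    """Hardened builder: emit no clause when no terms remain (same result as an
    empty search) and bind every term as a parameter instead of splicing it in."""
    terms = split_terms(s)
    if not terms:
        return "", []
    likes = " OR ".join("post_title LIKE ? OR post_content LIKE ?" for _ in terms)
    params = [p for t in terms for p in (f"%{t}%", f"%{t}%")]
    return f" AND ({likes})", params

def run_search(s, safe):
    """Run the generated query against an in-memory SQLite table and return the
    matching post IDs, or the database error text when the SQL is malformed."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (ID INTEGER, post_title TEXT, post_content TEXT,"
                 " post_type TEXT, post_status TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?, ?, ?, ?)", SAMPLE_POSTS)
    clause, params = build_search_safe(s) if safe else (build_search_naive(s), [])
    sql = ("SELECT ID FROM posts WHERE 1=1" + clause
           + " AND (post_type = 'post' AND post_status = 'publish') ORDER BY ID")
    try:
        return [row[0] for row in conn.execute(sql, params).fetchall()]
    except sqlite3.OperationalError as exc:
        return f"SQL error: {exc}"
```

Running `run_search(",", safe=False)` reproduces the syntax error path; the same input through the safe builder simply behaves as an empty search.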