Home page logo

bugtraq logo Bugtraq mailing list archives

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure
From: "zck zck" <zckzck () gmail com>
Date: Wed, 12 Jul 2006 10:24:05 +0300

Isn't this actually an SQL Injection rather than information leakage?

Try :

I mean, the error message (this time in English) is:
WordPress database error: [You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near '-10, 10' at line 1]

It specifically says that "You have an error in your SQL syntax",
which means my input goes into the query...

-----Original Message-----
From: xzerox () linuxmail org [mailto:xzerox () linuxmail org]
Sent: Sunday, July 02, 2006 12:15
To: bugtraq () securityfocus com
Subject: WordPress 2.0.3 SQL Error and Full Path Disclosure

WordPress 2.0.3 SQL Error and Full Path Disclosure
Discovered By zero [Moroccan Security Team]
Software: WordPress 2.0.3
Site : www.wordpress.org

~ SQL Error ~




WordPress database error: [Erreur de syntaxe pr?s de '-20, 10' ? la
ligne 1]
SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <=
'2006-06-29 12:46:59' AND (post_status = "publish") AND post_status !=
"attachment" GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -20, 10

~ Full path ~

/wp-content/themes/classic/comments- popup.php


simo64, tahati, net_ghost, dabdoub, simo dreaminfo, iss4m, zerosecure,
hunter, themenotor ...


Author: Mourad [ zero ]
Email : xzerox(at)linuxmail(dot)org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]