[39089] in bugtraq
Re: SQL Injection Exploit for WordPress <= 1.5.1.1
daemon@ATHENA.MIT.EDU (Giorgio Mandolfo)
Tue Jun 7 16:35:45 2005
Date: Tue, 7 Jun 2005 22:24:38 +0200
From: Giorgio Mandolfo <giorgio@mandolph.ath.cx>
To: bugtraq@securityfocus.com
Message-ID: <20050607202437.GA22904@mandolph.ath.cx>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <002d01c56b98$cfc14cc0$0100a8c0@alberto>
* Alberto Trivero <trivero@jumpy.it> [070605, 21:40]:
> #!/usr/bin/perl -w
Thanks for the code.
In any case I get 'Unable to retrieve username' and 'hash of password'
That's quite strange since I run a exploitable version.
According to wp-includes/version.php this is Wordpress 1.5 (old install from a
gentoo system)
GLSA 200506-04 says that Wordpress < 1.5.1.2 is vulnerable, but it seems not to
be the case.
Who can clarify?
Thanks,
Giorgio
--
BOFH excuse #449:
greenpeace free'd the mallocs
