WordPress 3.1.3 injection vulnerability-vulnerability warning-the black bar safety net

2011-07-05T00:00:00
ID MYHACK58:62201131147
Type myhack58
Reporter Anonymous
Modified 2011-07-05T00:00:00

Description

First:

The get_terms() filter, declared in the taxonomy.php file, does not properly validate user input, allowing an attacker to construct arbitrary SQL commands that can be used for blind SQL injection.

The following URLs can be used to perform a blind SQL injection attack ([SQL injection] marks the injectable parameter):

http://localhost/wp-admin/edit-tags.php?taxonomy=link_category&orderby=[SQL injection]&order=[SQL injection]

http://localhost/wp-admin/edit-tags.php?taxonomy=post_tag&orderby=[SQL injection]&order=[SQL injection]

http://localhost/wp-admin/edit-tags.php?taxonomy=category&orderby=[SQL injection]&order=[SQL injection]

Second: the get_bookmarks() function, declared in the bookmark.php file, does not properly validate user input either, and can also be exploited blind. The following URL can be used to perform a blind SQL injection attack:

http://localhost/wp-admin/link-manager.php?orderby=[SQL injection]&order=[SQL injection]

WordPress has confirmed the vulnerability exists.

Vulnerability solution: Upgrade to version 3.1.4 or 3.2-RC3.
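As an added defender-side example (not part of the advisory), the check below scans web-server access-log lines for requests to the two affected admin pages whose orderby or order value is not on an allowlist, the same kind of validation the vulnerable code lacked. The allowlisted column names, the log format and the sample log lines are assumptions constructed for illustration, not values taken from WordPress.

```python
# Added example: allowlist check on the orderby/order parameters of the two
# wp-admin pages named in the advisory, run over access-log lines.
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlists (illustrative, not WordPress's own): the sort columns a
# term or bookmark listing legitimately uses, and the two sort directions.
ALLOWED_ORDERBY = {"name", "slug", "count", "id", "url", "rating", "updated"}
ALLOWED_ORDER = {"asc", "desc"}
WATCHED_PATHS = {"/wp-admin/edit-tags.php", "/wp-admin/link-manager.php"}

# Assumed combined log format: client, ident, user, [time], "METHOD TARGET PROTO", status.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')

def check_sort_params(request_target):
    """Return (param, value) pairs on a watched page that fail the allowlist."""
    parts = urlsplit(request_target)
    if parts.path not in WATCHED_PATHS:
        return []
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    findings = []
    for param, allowed in (("orderby", ALLOWED_ORDERBY), ("order", ALLOWED_ORDER)):
        for value in qs.get(param, []):
            if value.lower() not in allowed:
                findings.append((param, value))
    return findings

def scan_access_log(lines):
    """Yield (client_ip, target, findings) for each request with a suspect sort value."""
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand; skip it
        ip, _method, target, _status = m.groups()
        findings = check_sort_params(target)
        if findings:
            yield ip, target, findings

# Constructed sample log lines (not real traffic); lines 2 and 3 should be flagged.
SAMPLE_LOG = [
    '10.0.0.5 - admin [05/Jul/2011:10:01:02 +0000] "GET /wp-admin/edit-tags.php?taxonomy=category&orderby=name&order=asc HTTP/1.1" 200 5120',
    '10.0.0.9 - - [05/Jul/2011:10:01:07 +0000] "GET /wp-admin/edit-tags.php?taxonomy=post_tag&orderby=not_a_column&order=desc HTTP/1.1" 200 4988',
    '10.0.0.9 - - [05/Jul/2011:10:01:09 +0000] "GET /wp-admin/link-manager.php?orderby=name&order=not_a_direction HTTP/1.1" 200 3011',
    '10.0.0.7 - - [05/Jul/2011:10:02:00 +0000] "GET /wp-admin/index.php?orderby=not_a_column HTTP/1.1" 200 2000',
]

if __name__ == "__main__":
    for ip, target, findings in scan_access_log(SAMPLE_LOG):
        print(f"{ip} {target} -> {findings}")
```

The same allowlist test, applied server-side before the value reaches the query builder, is the fix pattern for this class of bug; the log scan only tells you whether anyone tried it.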