Search...

WordPress blog.header.php Multiple Variable SQL Injection

2003-10-02T13:36:23

ID OSVDB:4609
Type osvdb
Reporter Seth Alan Woolley(seth@tautology.org)
Modified 2003-10-02T13:36:23

Description

Vulnerability Description

WordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.

Solution Description

Upgrade to version 0.72 RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

Manual Testing Notes

http://[victim]/index.php?order_by=100)%09or%090=0%09or%09(0=1 http://[victim]/index.php?cat=100)%09or%090=0%09or%09(0=1

References:

Vendor URL: http://wordpress.org/ Secunia Advisory ID:9937 Other Advisory URL: http://packetstormsecurity.nl/0310-exploits/cafelog.txt Nessus Plugin ID:11866 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/0109.html Bugtraq ID: 8756

JSON Vulners Source

Initial Source

{"type": "osvdb", "published": "2003-10-02T13:36:23", "href": "https://vulners.com/osvdb/OSVDB:4609", "bulletinFamily": "software", "cvss": {"vector": "NONE", "score": 0.0}, "viewCount": 0, "edition": 1, "reporter": "Seth Alan Woolley(seth@tautology.org)", "title": "WordPress blog.header.php Multiple Variable SQL Injection", "affectedSoftware": [{"operator": "eq", "version": "0.71", "name": "WordPress"}], "enchantments": {"score": {"value": 0.9, "vector": "NONE", "modified": "2017-04-28T13:19:59", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:19:59", "rev": 2}, "vulnersScore": 0.9}, "references": [], "id": "OSVDB:4609", "lastseen": "2017-04-28T13:19:59", "cvelist": [], "modified": "2003-10-02T13:36:23", "description": "## Vulnerability Description\nWordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.\n## Solution Description\nUpgrade to version 0.72 RC1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nWordPress contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'order_by' and 'cat' variable in the 'blog.header.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.\n## Manual Testing Notes\nhttp://[victim]/index.php?order_by=100)%09or%090=0%09or%09(0=1\nhttp://[victim]/index.php?cat=100)%09or%090=0%09or%09(0=1\n## References:\nVendor URL: http://wordpress.org/\n[Secunia Advisory ID:9937](https://secuniaresearch.flexerasoftware.com/advisories/9937/)\nOther Advisory URL: http://packetstormsecurity.nl/0310-exploits/cafelog.txt\n[Nessus Plugin ID:11866](https://vulners.com/search?query=pluginID:11866)\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2003-q4/0109.html\nBugtraq ID: 8756\n"}