Wordpress admin-ajax.php远程SQL注入漏洞

WordPress是一款免费的论坛Blog系统。 WordPress实现上存在输入验证漏洞，远程攻击者可能利用此漏洞执行SQL注入攻击非授权访问数据库。 WordPress的wp-admin/admin-ajax.php文件没有正确验证对cookie参数的输入。在wp-admin/admin-ajax.php的6行： ------------------source code---------------------- define'DOINGAJAX', true; checkajaxreferer; if !isuserloggedin die'-1';...

WordPress <= 2.1 - SQL Injection

Because of this vulnerability in wp-admin/admin-ajax.php,the attackers can execute arbitrary SQL commands via the "cookie" parameter. Solution Update WordPress...

WordPress < 2.1.4 'admin-ajax.php' SQLi

Binary data 3995.prm...

Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit

Exploit for unknown platform in category web applications ================================================================== Wordpress 2.1.3 admin-ajax.php SQL Injection Blind Fishing Exploit ================================================================== ?php errorreportingEALL; $normdelay = ...

WordPress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing

WordPress 2.1.3 - admin-ajax.php SQL Injection Blind Fishing ?php errorreportingEALL; $normdelay = 0; /////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////// // WordPress 2.1.3 "admin-ajax.php" sql injection...