| To: | bugtraq@securityfocus.com |
|---|---|
| Subject: | Re: WordPress Search Function SQL-Injection |
| From: | kelson@pobox.com |
| Date: | 27 Feb 2007 22:23:32 -0000 |
| Delivered-to: | sp-com-lists@consult.net |
| Delivered-to: | bugtraq-list@securepoint.com |
| Delivered-to: | mailing list bugtraq@securityfocus.com |
| Delivered-to: | moderator for bugtraq@securityfocus.com |
| List-help: | <mailto:bugtraq-help@securityfocus.com> |
| List-id: | <bugtraq.list-id.securityfocus.com> |
| List-post: | <mailto:bugtraq@securityfocus.com> |
| List-subscribe: | <mailto:bugtraq-subscribe@securityfocus.com> |
| List-unsubscribe: | <mailto:bugtraq-unsubscribe@securityfocus.com> |
| Mailing-list: | contact bugtraq-help@securityfocus.com; run by ezmlm |
This looks like the bug described here: http://trac.wordpress.org/ticket/3722 "DB error when sanitized search string results in empty query" (Filed January 31) According to that page: > I guess it's also worth mentioning that commas > _are_ being sanitized. The reason for the error is > that once the commas are gone WordPress attempts > to wrap the search query with "AND ( $search )" > > Since $search is null MySQL throws up an error. The same error results from searching for just a space. In either case, adding other characters to the field results in the expected query. It doesn't look like injection would be possible. |
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Xbox 360 Hypervisor Privilege Escalation Vulnerability, Anonymous Hacker |
|---|---|
| Next by Date: | Re: WordPress Search Function SQL-Injection, ascii |
| Previous by Thread: | Re: WordPress Search Function SQL-Injection, ascii |
| Next by Thread: | Nullsoft ShoutcastServer Persistant XSS - 0day, SaMuschie |
| Indexes: | [Date] [Thread] [Top] [All Lists] |