Ticket #4357 (closed defect (bug): fixed)
2.2 remote SQL injection exploit, user registration, xmlrpc.php.
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | highest omg bbq | Milestone: | 2.2.1 |
| Component: | Security | Version: | 2.2.1 |
| Severity: | blocker | Keywords: | |
| Cc: | | | |
Change History
comment:2
foolswisdom — 5 years ago
- Summary changed from Int cast. to Changeset 5570 for 2.2.1 (branch), Int cast.
- Summary changed from Changeset 5570 for 2.2.1 (branch), Int cast. to Apply [5570] int cast to 2.2 branch
Note: Exploit code for this (fixed) bug is in the wild:
http://www.milw0rm.com/exploits/4039 http://wordpress.org/support/topic/120857
This bug enabled Remote SQL Injection. Might want to put the latest 2.2 out there quickly?
Replying to Otto42:
> Note: Exploit code for this (fixed) bug is in the wild:
> http://www.milw0rm.com/exploits/4039 http://wordpress.org/support/topic/120857
> This bug enabled Remote SQL Injection. Might want to put the latest 2.2 out there quickly?
If I read this correctly - isn't the exploit only viable if you have a valid username/password combo to use, as there is a login check?
It is therefore only really serious for blogs with user registration enabled.
Yes, you are correct, you must have at least one valid user/pass combo. It says as much in the exploit code (after running it through Google Translate).
comment:7
foolswisdom — 5 years ago
- Priority changed from high to highest omg bbq
- Summary changed from Apply [5570] int cast to 2.2 branch to 2.2 remote SQL injection exploit, user registration, xmlrpc.php.
- Description modified (diff)
- Severity changed from major to blocker
Now widely published.
WordPress version 2.2 remote SQL injection exploit that makes use of xmlrpc.php. http://packetstormsecurity.org/0706-exploits/wp22xmlrpc-sql.txt
http://kev.coolcavemen.com/2007/06/wordpress-22-security-hole-identity-theft/

(In [5584]) Apply [5570] to 2.2. fixes #4357