Opened 8 years ago

Closed 8 years ago

Last modified 8 years ago

#4357 closed defect (bug) (fixed)

2.2 remote SQL injection exploit, user registration, xmlrpc.php.

Reported by: drhallows
Owned by:
Milestone: 2.2.1
Priority: highest omg bbq
Severity: blocker
Version: 2.2.1
Component: Security
Keywords:
Focuses:
Cc:

Description (last modified by foolswisdom)

WordPress 2.2 remote SQL injection exploit, user registration, xmlrpc.php.

Apply [5570] int cast to 2.2 branch
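
Why an int cast closes this class of bug, shown as an added example: this is not WordPress code and not the contents of [5570]. It assumes a client-supplied count that is interpolated unquoted into a query; the function names, table and columns are hypothetical and the inputs are constructed.

```php
<?php
// Added illustration, not WordPress code. All names here are hypothetical.

// Stand-in for a string-escaping helper. It only neutralises quote and
// backslash characters, so it protects values that sit inside quotes.
function escape_for_quoted_string(string $value): string
{
    return addslashes($value);
}

// Before: the client-supplied count is escaped as a string but lands in an
// unquoted numeric position, so any text after the digits reaches the SQL.
function query_escaped_only(string $maxResults): string
{
    $max = escape_for_quoted_string($maxResults);
    return "SELECT id, name FROM example_categories LIMIT {$max}";
}

// After: the int cast keeps only a leading integer; everything else is dropped.
function query_int_cast(string $maxResults): string
{
    $max = max(1, min(100, (int) $maxResults)); // clamp range is an assumption
    return "SELECT id, name FROM example_categories LIMIT {$max}";
}

// Constructed inputs: a normal value, a value with trailing text, and text only.
$samples = ['25', '25 <constructed SQL fragment>', '<constructed SQL fragment>'];

foreach ($samples as $input) {
    printf("input:        %s\n", $input);
    printf("escaped only: %s\n", query_escaped_only($input));
    printf("int cast:     %s\n\n", query_int_cast($input));
}
```

The escaped-only query carries the trailing text through unchanged because it contains no quote characters to escape, while the cast version always ends in a bare integer.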

Change History (7)

comment:1 @rob1n 8 years ago

  • Resolution set to fixed
  • Status changed from new to closed

(In [5584]) Apply [5570] to 2.2. fixes #4357

comment:2 @foolswisdom 8 years ago

  • Summary changed from Int cast. to Changeset 5570 for 2.2.1 (branch), Int cast.

comment:3 @rob1n 8 years ago

  • Summary changed from Changeset 5570 for 2.2.1 (branch), Int cast. to Apply [5570] int cast to 2.2 branch

comment:4 follow-up: @Otto42 8 years ago

Note: Exploit code for this (fixed) bug is in the wild:

http://www.milw0rm.com/exploits/4039
http://wordpress.org/support/topic/120857

This bug enabled Remote SQL Injection. Might want to put the latest 2.2 out there quickly?

comment:5 in reply to: ↑ 4 @westi 8 years ago

Replying to Otto42:

Note: Exploit code for this (fixed) bug is in the wild:

http://www.milw0rm.com/exploits/4039
http://wordpress.org/support/topic/120857

This bug enabled Remote SQL Injection.
Might want to put the latest 2.2 out there quickly?

If I read this correctly, isn't the exploit only viable if you have a valid username/password combo to use, as there is a login check?

It is therefore only really serious for blogs with user registration enabled.

comment:6 @Otto42 8 years ago

Yes, you are correct, you must have at least one valid user/pass combo. It says as much in the exploit code (after running it through Google Translate).

comment:7 @foolswisdom 8 years ago

  • Description modified (diff)
  • Priority changed from high to highest omg bbq
  • Severity changed from major to blocker
  • Summary changed from Apply [5570] int cast to 2.2 branch to 2.2 remote SQL injection exploit, user registration, xmlrpc.php.

Now widely published.

Wordpress version 2.2 remote SQL injection exploit that makes use of xmlrpc.php.
http://packetstormsecurity.org/0706-exploits/wp22xmlrpc-sql.txt

http://kev.coolcavemen.com/2007/06/wordpress-22-security-hole-identity-theft/
