[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: WordPress Search Function SQL-Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: WordPress Search Function SQL-Injection
From: kelson@xxxxxxxxx
Date: 27 Feb 2007 22:23:32 -0000

This looks like the bug described here: http://trac.wordpress.org/ticket/3722
"DB error when sanitized search string results in empty query" (Filed January 
31)

According to that page:
> I guess it's also worth mentioning that commas
> _are_ being sanitized. The reason for the error is
> that once the commas are gone WordPress attempts 
> to wrap the search query with "AND ( $search )"
> 
> Since $search is null MySQL throws up an error.

The same error results from searching for just a space.  In either case, adding 
other characters to the field results in the expected query.  It doesn't look 
like injection would be possible.

Prev by Date: Xbox 360 Hypervisor Privilege Escalation Vulnerability
Next by Date: Re: WordPress Search Function SQL-Injection
Previous by thread: Re: WordPress Search Function SQL-Injection
Next by thread: Nullsoft ShoutcastServer Persistant XSS - 0day
Index(es):
- Date
- Thread