From: "Omid" <omid@hackers.ir.>
To: <bugtraq@securityfocus.com.>
Subject: Sql injection in WordPress 2.1.2
Date: Fri, 09 Mar 2007 19:15:33 +0330
User-Agent: Hackers.ir/1.0
MIME-Version: 1.0
Content-Type: text/plain;charset=utf-8
Content-Transfer-Encoding: 8bit
Importance: Normal
X-Priority: 3 (Normal)
X-Mailer: Hackers.ir/1.0
X-Virus-Scanned: antivirus-gw at tyumen.ru
Hello,
There is a sql injection in WordPress 2.1.2 (and maybe others) .
A user with "add link" permission (Editor/Administrator) can do this :
The '$new_cat' variable in "wp_set_link_cats()" function is not checked
properly before be used in the sql query :
File /wp-admin/admin-db.php, Line 472 :
$wpdb->query("
INSERT INTO $wpdb->link2cat (link_id, category_id)
VALUES ($link_ID, $new_cat)");
- Omid
