1.5.2 SQL Injection


Podz
http://www.gentoo.org/security/en/glsa/glsa-200603-01.xml

Description

Patrik Karlsson reported that WordPress 1.5.2 makes use of an
insufficiently filtered User Agent string in SQL queries related to
comments posting. This vulnerability was already fixed in the 2.0-series
of WordPress.

Impact

An attacker could send a comment with a malicious User Agent parameter,
resulting in SQL injection and potentially in the subversion of the
WordPress database. This vulnerability wouldn't affect WordPress sites
which do not allow comments or which require that comments go through a
moderator.

Reported in the forums:
http://wordpress.org/support/topic/63734?replies=3#post-339189

There are a lot of people still using 1.5.2
Can this be patched so an upgrade does not have to be the response ?

An announcement is also called for surely ?

P.
_______________________________________________
wp-hackers mailing list
[hidden email]
http://lists.automattic.com/mailman/listinfo/wp-hackers
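
The advisory quoted above comes down to a request header (User-Agent) being pasted into the text of the comment INSERT. The sketch below is an added example, not code from this thread or from WordPress; the table layout, function names and sample headers are assumptions constructed for illustration. It contrasts string concatenation with parameter binding and checks whether the header is stored exactly as sent.

```python
import sqlite3

# Constructed schema for illustration; not WordPress's actual table layout.
SCHEMA = "CREATE TABLE comments (author TEXT, content TEXT, agent TEXT, approved INTEGER)"

def insert_concatenated(db, author, content, agent):
    """'Before' pattern: the header value becomes part of the SQL text."""
    db.execute(
        "INSERT INTO comments (author, content, agent, approved) "
        "VALUES ('%s', '%s', '%s', 0)" % (author, content, agent)
    )

def insert_bound(db, author, content, agent):
    """Hardened pattern: the driver binds the value; it is never parsed as SQL."""
    db.execute(
        "INSERT INTO comments (author, content, agent, approved) VALUES (?, ?, ?, 0)",
        (author, content, agent),
    )

def roundtrips(insert_fn, agent):
    """True if exactly one row is stored and its agent column equals the header sent."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    try:
        insert_fn(db, "alice", "nice post", agent)
    except sqlite3.Error:
        return False  # the header changed how the statement parsed
    rows = db.execute("SELECT agent, approved FROM comments").fetchall()
    return rows == [(agent, 0)]

# Constructed sample headers: one ordinary, one containing a quote character.
PLAIN_UA = "Mozilla/5.0 (X11; Linux i686) Firefox/1.5"
QUOTED_UA = "Mozilla/5.0 (compatible; O'Reilly-Crawler)"

if __name__ == "__main__":
    for fn in (insert_concatenated, insert_bound):
        for ua in (PLAIN_UA, QUOTED_UA):
            print(fn.__name__, repr(ua), "->", roundtrips(fn, ua))
```

A round-trip check like this works as a regression test for any field copied from request headers into a query: if a value with a quote character does not come back byte for byte, the statement is being built from data.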

Re: 1.5.2 SQL Injection

steve caturan
interesting enough:

------- Comment #6 From Patrik Karlsson 2006-02-12 23:14 PST -------

I contacted wordpress through their [hidden email] e-mail
address the 6th of February but haven't heard anything. I sent a new
mail today. I guess they don't care about vulnerabilities in their older
versions. I don't know how many other distributions still ship with 1.5.2.

from http://bugs.gentoo.org/show_bug.cgi?id=121661

Podz wrote:

> http://www.gentoo.org/security/en/glsa/glsa-200603-01.xml
>
> Description
>
> Patrik Karlsson reported that WordPress 1.5.2 makes use of an
> insufficiently filtered User Agent string in SQL queries related to
> comments posting. This vulnerability was already fixed in the 2.0-series
> of WordPress.
>
> Impact
>
> An attacker could send a comment with a malicious User Agent parameter,
> resulting in SQL injection and potentially in the subversion of the
> WordPress database. This vulnerability wouldn't affect WordPress sites
> which do not allow comments or which require that comments go through a
> moderator.
>
> Reported in the forums:
> http://wordpress.org/support/topic/63734?replies=3#post-339189
>
> There are a lot of people still using 1.5.2
> Can this be patched so an upgrade does not have to be the response ?
>
> An announcement is also called for surely ?
>
> P.
> _______________________________________________
> wp-hackers mailing list
> [hidden email]
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>
>



Re: 1.5.2 SQL Injection

steve caturan
In reply to this post by Podz
actually Ryan had a discussion with Mr. Karlsson but either way, time to
get crunching at least for me. got a few 1.5.2 installs to upgrade to
2.0.1 :)


Podz wrote:

> http://www.gentoo.org/security/en/glsa/glsa-200603-01.xml
>
> Description
>
> Patrik Karlsson reported that WordPress 1.5.2 makes use of an
> insufficiently filtered User Agent string in SQL queries related to
> comments posting. This vulnerability was already fixed in the 2.0-series
> of WordPress.
>
> Impact
>
> An attacker could send a comment with a malicious User Agent parameter,
> resulting in SQL injection and potentially in the subversion of the
> WordPress database. This vulnerability wouldn't affect WordPress sites
> which do not allow comments or which require that comments go through a
> moderator.
>
> Reported in the forums:
> http://wordpress.org/support/topic/63734?replies=3#post-339189
>
> There are a lot of people still using 1.5.2
> Can this be patched so an upgrade does not have to be the response ?
>
> An announcement is also called for surely ?
>
> P.
> _______________________________________________
> wp-hackers mailing list
> [hidden email]
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>
>
>



Re: 1.5.2 SQL Injection

David House
On 06/03/06, steve caturan <[hidden email]> wrote:
> actually Ryan had a discussion with Mr. Karlsson but either way, time to
> get crunching at least for me. got a few 1.5.2 installs to upgrade to
> 2.0.1 :)

Don't bother. 2.02 will be out within hours.

--
-David House, [hidden email], http://xmouse.ithium.net

Re: 1.5.2 SQL Injection

Scott Merrill
David House wrote:
> On 06/03/06, steve caturan <[hidden email]> wrote:
>
>>actually Ryan had a discussion with Mr. Karlsson but either way, time to
>>get crunching at least for me. got a few 1.5.2 installs to upgrade to
>>2.0.1 :)
>
>
> Don't bother. 2.02 will be out within hours.

Which is to say that 2.01 has vulnerabilities, for those that don't read
the testers list:
http://comox.textdrive.com/pipermail/wp-testers/2006-March/002303.html

Re: 1.5.2 SQL Injection

Darryl VanDorp
In reply to this post by Podz
Can someone answer definitively does this affect versions prior to wordpress
2.0? The 2.0.2 release announcement seems vague.

-Darryl

On 3/6/06, Podz <[hidden email]> wrote:

>
> http://www.gentoo.org/security/en/glsa/glsa-200603-01.xml
>
> Description
>
> Patrik Karlsson reported that WordPress 1.5.2 makes use of an
> insufficiently filtered User Agent string in SQL queries related to
> comments posting. This vulnerability was already fixed in the 2.0-series
> of WordPress.
>
> Impact
>
> An attacker could send a comment with a malicious User Agent parameter,
> resulting in SQL injection and potentially in the subversion of the
> WordPress database. This vulnerability wouldn't affect WordPress sites
> which do not allow comments or which require that comments go through a
> moderator.
>
> Reported in the forums:
> http://wordpress.org/support/topic/63734?replies=3#post-339189
>
> There are a lot of people still using 1.5.2
> Can this be patched so an upgrade does not have to be the response ?
>
> An announcement is also called for surely ?
>
> P.
> _______________________________________________
> wp-hackers mailing list
> [hidden email]
> http://lists.automattic.com/mailman/listinfo/wp-hackers
>



--
http://randomthoughts.vandorp.ca

Re: 1.5.2 SQL Injection

Robert Deaton
"This vulnerability was already fixed in the 2.0-series
of WordPress."

From the first email in the thread.

--
--Robert Deaton
http://somethingunpredictable.com
