runPHP Plugin for Wordpress: SQL Injection Vulnerability
August 8th, 2007
Yesterday, I discovered an SQL Injection Vulnerability in the runPHP Plugin for Wordpress made by James Van Lommel.
I definitely like the concept of this Plugin; but whilst playing around with my latest Wordpress 2.2.2 Security Update I found a very nasty SQL Injection flaw:
/wp-admin/post.php?action=edit&post=1/*SQLINJECTION*/%20AND%201'=0
Of course I directly contacted James and told him what had happened - and today, he released a patched Version 2.3.0. So users of this Plugin, please update :o)
And again, thank you, James, for this very fast patch!


August 8th, 2007 at 08:30
The author introduced a new XSS bug in his fix:
wp-admin/post.php?action=edit&post=%3Cscript%3Ealert(/XSS/)%3C/script%3E
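Both requests quoted on this page put a non-numeric value in the `post` parameter, one aimed at the SQL query and one at the HTML response. The following is an added example, not the runPHP plugin's code and not part of the original post or comments: a hypothetical PHP handler (the function names, the `posts` table and the in-memory SQLite database are assumptions) that validates the parameter as an integer once, binds it in the query, and encodes what it prints.

```php
<?php
// Added illustration: hypothetical handler, not the runPHP plugin's code.
// Table, column and function names are assumptions made for this example.

// Validate the "post" request parameter once, at the boundary.
// Returns a positive integer, or null for anything else.
function parse_post_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// SQL sink: the ID is bound as a typed parameter, never concatenated.
function load_post(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT id, title FROM posts WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML sink: everything written into the page is encoded for that context.
function render_edit_field(array $post): string
{
    return sprintf(
        '<input type="hidden" name="post" value="%d"> <h2>%s</h2>',
        $post['id'],
        htmlspecialchars($post['title'], ENT_QUOTES, 'UTF-8')
    );
}

// Constructed sample data; requests are the URL-decoded values quoted on this page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO posts (id, title) VALUES (1, 'Hello <world>')");

$requests = ['1', "1/*SQLINJECTION*/ AND 1'=0", '<script>alert(/XSS/)</script>'];
foreach ($requests as $raw) {
    $id = parse_post_id($raw);
    if ($id === null) {
        echo "rejected: invalid post id\n";   // the raw value is never echoed back
        continue;
    }
    $post = load_post($db, $id);
    echo $post === null ? "not found\n" : render_edit_field($post) . "\n";
}
```

Escaping only at the SQL sink would leave the response path open, which is why the integer check sits in front of both sinks and the error message does not reflect the rejected input.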
August 16th, 2007 at 11:58
[…] couple of weeks ago it was the runPHP Wordpress Plugin which created a SQL Injection Vulnerability and now the story is continued, and I just thought of another nasty […]