BID:24076

Wordpress Admin-Ajax.PHP SQL Injection Vulnerability

Info

Wordpress Admin-Ajax.PHP SQL Injection Vulnerability

Bugtraq ID:	24076
Class:	Input Validation Error
CVE:	CVE-2007-2821
Remote:	Yes
Local:	No
Published:	May 21 2007 12:00AM
Updated:	Feb 22 2008 02:23PM
Credit:	waraxe is credited with the discovery of this vulnerability.
Vulnerable:	WordPress WordPress 2.1.3 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0

Not Vulnerable:

Discussion

Wordpress Admin-Ajax.PHP SQL Injection Vulnerability

WordPress is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects WordPress 2.1.3; other versions may also be vulnerable.

Exploit / POC

Wordpress Admin-Ajax.PHP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following exploit is available:

/data/vulnerabilities/exploits/24076.php

Solution / Fix

Wordpress Admin-Ajax.PHP SQL Injection Vulnerability

Solution:
Vendor fixes are available. Please see the references for more information.

References

Wordpress Admin-Ajax.PHP SQL Injection Vulnerability

References:

Wordpress church_admin Plugin "id" Cross-Site Scripting Vulnerability (Sammy Forgit)
[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3 (waraxe)