Author: Janek Vind “waraxe”
Date: 21. May 2007
Location: Estonia, Tartu
Web: http://www.waraxe.us/advisory-50.html
Target software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vulnerable: WordPress 2.1.3
Patched: WordPress 2.2
http://www.wordpress.org/
Vulnerabilities:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Critical SQL injection in “admin-ajax.php”
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Let’s have a look at the source code of “wp-admin/admin-ajax.php” ~ line 6: