5.24.2007

Wordpress 2.1 Vulnerabilities

Over the past few weeks, several vulnerabilities have surfaced in the WordPress 2.1.* releases. The first link covers a SQL injection attack that relies on a weakness in xmlrpc.php. A prerequisite is a user account on the target WordPress blog. The second link describes a blind SQL injection attack on admin-ajax.php. The third link is the advisory for the admin-ajax.php exploit. The fourth link is to the proof-of-concept exploit code. I would highly recommend that you upgrade any older WordPress blogs. Enjoy! ;)

Wordpress 2.1.2 xmlrpc Security Issues

Wordpress admin-ajax.php Sql Injection

[waraxe-2007-SA#050] - Sql Injection in WordPress 2.1.3

WordPress 2.1.3 sql injection blind fishing exploit
