Re: SQL Injection Exploit for WordPress <= 1.5.1.1

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: SQL Injection Exploit for WordPress <= 1.5.1.1
From: Giorgio Mandolfo <giorgio@xxxxxxxxxxxxxxx>
Date: Tue, 7 Jun 2005 22:24:38 +0200
In-reply-to: <002d01c56b98$cfc14cc0$0100a8c0@alberto>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <002d01c56b98$cfc14cc0$0100a8c0@alberto>
User-agent: Mutt/1.5.6+20040907i

* Alberto Trivero <trivero@xxxxxxxx> [070605, 21:40]:
> #!/usr/bin/perl -w

Thanks for the code.
In any case I get 'Unable to retrieve username' and 'hash of password'

That's quite strange since I run a exploitable version. 
According to wp-includes/version.php this is Wordpress 1.5 (old install from a
gentoo system)

GLSA 200506-04 says that Wordpress < 1.5.1.2 is vulnerable, but it seems not to
be the case.

Who can clarify?
Thanks,

Giorgio

-- 
BOFH excuse #449:

greenpeace free'd the mallocs

References:
- SQL Injection Exploit for WordPress <= 1.5.1.1
  - From: Alberto Trivero

Prev by Date: Denial of Service vulnerability in GoodTech SMTP Server for Windows NT/2000/XP version 5.14
Next by Date: [AppSecInc Advisory WEBSP05-V0098] Remote Buffer overflow in WebSphere Application Server Administrative Console
Previous by thread: SQL Injection Exploit for WordPress <= 1.5.1.1
Next by thread: Denial of Service vulnerability in GoodTech SMTP Server for Windows NT/2000/XP version 5.14
Index(es):
- Date
- Thread