[CentOS] WordPress possible SQL injections [was: SELinux - way of the future or good idea but !!!]
Leonard den Ottolander
leonard at den.ottolander.nl
Wed Dec 22 15:49:31 UTC 2010
On Tue, 2010-12-21 at 13:44 +0100, Leonard den Ottolander wrote:
> The patch shown in
> http://core.trac.wordpress.org/changeset/16625
>
> prompted me to try a
>
> $ grep -r "\=\ \%s\"" *
>
> in the web root of a WordPress installation. The matches are a bunch of
> possible SQL injections. Haven't checked the actual code paths,

This turned out to be a wild goose chase: For all matches the substituted
strings are being quoted via wpdb->prepare().

Regards,
Leonard.

-- 
mount -t life -o ro /dev/dna /genetic/research
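The manual check described in the message above (is each `= %s"` match wrapped in wpdb->prepare()?) can be scripted as a first-pass triage. This is an added example, not part of the original post or of WordPress; the function names and the sample PHP files are constructed, and it assumes a prepare() call spans at most three lines. A PREPARED verdict is a heuristic and REVIEW lines still need their code paths read.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Classify every `= %s"` match in one PHP file. A match is PREPARED when
# ->prepare( appears on the match line or on one of the two lines before it
# (assumption: the call spans at most three lines); otherwise it is REVIEW.
triage_file() {
    awk -v f="$1" '
        { p2 = p1; p1 = cur; cur = $0 }      # sliding three-line window
        /= %s"/ {
            ctx = p2 "\n" p1 "\n" cur
            verdict = (ctx ~ /->prepare\(/) ? "PREPARED" : "REVIEW"
            printf "%s:%d:%s\n", f, NR, verdict
        }
    ' "$1"
}

# Walk a web root and print file:line:verdict for each match.
triage_tree() {
    find "$1" -type f -name '*.php' | sort | while IFS= read -r path; do
        triage_file "$path"
    done
}

# Constructed sample input: one prepared query, one built with sprintf().
make_sample() {
    cat > "$1/safe.php" <<'EOF'
<?php
$row = $wpdb->get_row( $wpdb->prepare(
    "SELECT * FROM $wpdb->posts WHERE ID = %s", $id ) );
EOF
    cat > "$1/risky.php" <<'EOF'
<?php
$sql = sprintf( "SELECT * FROM t WHERE name = %s", $_GET['name'] );
$wpdb->query( $sql );
EOF
}

# Stand-alone use: sh triage.sh /path/to/webroot
if [ "$#" -gt 0 ]; then triage_tree "$1"; fi
```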