S-157: WordPress WassUp Plugin 'spy.php' Vulnerability

Tags

php, security, vulnerability, wordpress

Special Forums Cybersecurity Security Advisories (RSS) S-157: WordPress WassUp Plugin 'spy.php' Vulnerability

02-01-2008

Registered User

26,240, 27

Join Date: Sep 2000

Last Activity: 1 August 2008, 3:09 PM EDT

Posts: 26,240

Thanks Given: 0

Thanked 27 Times in 26 Posts

S-157: WordPress WassUp Plugin 'spy.php' Vulnerability

WordPress WassUp plugin in prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. The risk is MEDIUM. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

More...

Linux Bot

View Public Profile for Linux Bot

Find all posts by Linux Bot

Previous Thread | Next Thread

1 More Discussions You Might Find Interesting

1. What is on Your Mind?

Cybersecurity - Wordpress Plugin Developer Wanted

https://www.unix.com/members/1-albums112-picture680.png

LEARN ABOUT PHP

pg_query

PG_QUERY(3)															       PG_QUERY(3)

pg_query - Execute a query

SYNOPSIS

       resource pg_query ([resource  $connection], string  $query)

DESCRIPTION

       pg_query(3) executes the $query on the specified database $connection. pg_query_params(3) should be preferred in most cases.

	If  an error occurs, and FALSE is returned, details of the error can be retrieved using the pg_last_error(3) function if the connection is
       valid.

       Note

	       Although $connection can be omitted, it is not recommended, since it can be the cause of hard to find bugs in scripts.

       Note

	       This function used to be called pg_exec(3). pg_exec(3) is still available for compatibility reasons, but users  are  encouraged	to
	      use the newer name.

PARAMETERS

	      o $connection
		- PostgreSQL database connection resource. When $connection is not present, the default connection is used. The default connection
		is the last connection made by pg_connect(3) or pg_pconnect(3).

	      o $query
		- The SQL statement or statements to be executed. When multiple statements are passed to the function, they are automatically exe-
		cuted  as  one	transaction, unless there are explicit BEGIN/COMMIT commands included in the query string. However, using multiple
		transactions in one function call is not recommended.

	      Warning

		      String interpolation of user-supplied data is extremely dangerous and is likely to lead to SQL injection vulnerabilities. In
		     most  cases  pg_query_params(3) should be preferred, passing user-supplied values as parameters rather than substituting them
		     into the query string.

		      Any user-supplied data substituted directly into a query string should be properly escaped.

RETURN VALUES

	A query result resource on success or FALSE on failure.

EXAMPLES

       Example #1

	      pg_query(3) example

	      <?php

	      $conn = pg_pconnect("dbname=publisher");
	      if (!$conn) {
		echo "An error occurred.
";
		exit;
	      }

	      $result = pg_query($conn, "SELECT author, email FROM authors");
	      if (!$result) {
		echo "An error occurred.
";
		exit;
	      }

	      while ($row = pg_fetch_row($result)) {
		echo "Author: $row[0]  E-mail: $row[1]";
		echo "<br />
";
	      }

	      ?>

       Example #2

	      Using pg_query(3) with multiple statements

	      <?php

	      $conn = pg_pconnect("dbname=publisher");

	      // these statements will be executed as one transaction

	      $query = "UPDATE authors SET author=UPPER(author) WHERE id=1;";
	      $query .= "UPDATE authors SET author=LOWER(author) WHERE id=2;";
	      $query .= "UPDATE authors SET author=NULL WHERE id=3;";

	      pg_query($conn, $query);

	      ?>

SEE ALSO

       pg_connect(3), pg_pconnect(3), pg_fetch_array(3), pg_fetch_object(3), pg_num_rows(3), pg_affected_rows(3).

PHP Documentation Group 													       PG_QUERY(3)

Security Advisories (RSS)