Saturday, September 24, 2011

Wordpress Blind SQL Injection Vulnerability

My friend a Bay Area entrepreneur had a nasty surprise, his website was defaced. Updating the wordpress content management system to stable version and resetting the default theme from backup fixed the problem.

So don't forget to keep your wordpress CMS updated to latest release and secure your wordpress website to avoid such nasty surprises.

The vulnerability effects WordPress version 3.0.4. Malicious script kiddies exploit the remote blind SQL injection vulnerability in comment_post_ID to deface the wordpress websites. You can learn more about this vulnerability on packetstorm.
packetstormsecurity.org/files/104989/WordPress-3.0.4-Blind-SQL-Injection.html

No comments:

Post a Comment

You can leave a comment here using your Google account, OpenID or as an anonymous user.

Popular Posts