WordPress Plugin WordSpew – SQL Injection Attack Alert

by on April 15th, 2009

WordPress Plugin WordSpew creates a shoutbox on your WordPress blog. It uses AJAX, a technology that lets information be sent to the server without the user refreshing the page, so your users can hold live chats on your blog without reloading it. It's kind of like instant messaging! An SQL injection vulnerability has been found in this plugin. If you are using it, your blog can be vulnerable to SQL injection until the developer who created the plugin fixes the problem and releases a patched version.

With this plugin installed, your server can receive requests from any attacker that look something like:

...plugins/wordspew/wordspew-rss.php?id=-998877+UNION+SELECT+0,1,0x6875566616B,3,4,5--

and permanently damage the blog.

Offending Parameter:

id = -998877 UNION SELECT 0,1,0x6875566616B,3,4,5--
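The request above works because the `id` query-string value reaches the database as SQL text rather than as a number. The following is an added illustration written for this post, not the WordSpew plugin's own code: a hypothetical handler in the style of `wordspew-rss.php` that shows the injectable pattern beside a hardened version using WordPress's `absint()` and `$wpdb->prepare()`. The table name `{$wpdb->prefix}wordspew` and the column names are assumed for the example.

```php
<?php
// Added illustration (not the WordSpew plugin's own code): how an RSS
// endpoint that reads ?id= becomes injectable, and the hardened form.
// Assumes WordPress is loaded so $wpdb, absint(), WP_Error, status_header()
// and esc_html() are available. Table and column names are hypothetical.

// --- Vulnerable pattern (hypothetical, shown only for contrast) -----------
// The raw query-string value is spliced into the SQL text, so a value such
// as "-998877 UNION SELECT ..." is parsed by MySQL as SQL, not as a number.
function wordspew_rss_items_vulnerable( $id ) {
    global $wpdb;
    $sql = "SELECT id, name, message, time FROM {$wpdb->prefix}wordspew WHERE id > $id";
    return $wpdb->get_results( $sql );
}

// --- Hardened pattern -----------------------------------------------------
// 1. Validate: the parameter is only ever a non-negative integer, so reject
//    anything that is not a plain run of digits before touching the DB.
// 2. Parameterize: let $wpdb->prepare() bind the value with %d, so even a
//    value that slipped past validation cannot change the query structure.
function wordspew_rss_items_safe( $raw_id ) {
    global $wpdb;

    if ( ! is_string( $raw_id ) || ! preg_match( '/^\d{1,10}$/', $raw_id ) ) {
        // Unexpected shape: refuse the request rather than trying to "clean" it.
        return new WP_Error( 'invalid_id', 'id must be a non-negative integer' );
    }
    $id = absint( $raw_id );

    $sql = $wpdb->prepare(
        "SELECT id, name, message, time FROM {$wpdb->prefix}wordspew WHERE id > %d",
        $id
    );
    return $wpdb->get_results( $sql );
}

// Entry point mirroring a wordspew-rss.php style request handler.
$raw_id = isset( $_GET['id'] ) ? $_GET['id'] : '0';
$items  = wordspew_rss_items_safe( $raw_id );

if ( is_wp_error( $items ) ) {
    status_header( 400 );
    // Record the rejected value (truncated) so probes show up in the logs;
    // never echo it back to the client unescaped.
    error_log( 'wordspew: rejected id parameter: ' . substr( $raw_id, 0, 100 ) );
    exit;
}

header( 'Content-Type: application/rss+xml; charset=utf-8' );
foreach ( $items as $item ) {
    // esc_html() keeps stored chat text from breaking out of the XML markup.
    echo '<item><title>' . esc_html( $item->name ) . '</title>'
       . '<description>' . esc_html( $item->message ) . '</description></item>';
}
```

The allowlist check is what actually closes the hole: a value containing `UNION`, quotes or `--` never matches `^\d{1,10}$`, and the `%d` placeholder guarantees that whatever does reach the query is an integer literal. Logging the rejected value also gives a simple signal to watch for in the web server or PHP error log.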

URL of Plugin WordSpew
