[VIM] Recipe theme SQL injection unlikely
Steven M. Christey
coley at mitre.org
Wed Feb 20 21:54:14 UTC 2008
Researcher: S at BUN

Ref: Wordpress Plugin (wp-content/recipe) SQL Injection
http://www.securityfocus.com/archive/1/archive/1/488281/100/0/threaded

BID thinks this is from:
http://www.templatepanic.com/article/recipes-blog-wordpress-theme

However, wordspew-rss.php doesn't exist in that distribution, and this
was probably a cut-and-paste error from CVE-2008-0682, which was about
Wordspew (and confirmed by the vendor, by the way; see
http://pierre.sudarovich.free.fr/index.php/2006/02/28/ajax-shoutbox/).

In addition, the Google-dork points to live sites that use programs
such as viewRecipe.php, which isn't in the TemplatePanic theme. Also,
the TemplatePanic theme doesn't seem to use SQL, at least not
directly.

So, if there's an SQL injection in some recipe module somewhere, we
don't know what module or program it is.

- Steve