New WordPress SQLi Vulnerability Uncovered


A new WordPress SQLi vulnerability has been discovered by security researchers in WordPress core. It is strongly recommended to update to version 4.8.3, the latest at the time of writing, if you haven’t done so already.

AppCheck-NG had a plugin available in our scanner within hours of the vulnerability being disclosed (31/10/2017). The vulnerability exploits a flaw in the “$wpdb->prepare()” code in meta.php, whereby an attacker could take advantage of an SQL query being doubly prepared and manipulate the input.

Example:
$my_where = $wpdb->prepare(" WHERE foo = %s", "%s ");
$taint = [" OR 1=1 # ", 2, 3];
$my_query = $wpdb->prepare("SELECT * FROM something $my_where LIMIT %d, %d", $taint);

Results in:
SELECT * FROM something WHERE foo = '' OR 1=1 # ' ' LIMIT 2, 3

In the above example, the “%s” placeholder in the first prepare is replaced by another “%s” taken from input. That “%s” survives into the second prepare statement, which could also handle user input, and is treated there as a fresh placeholder, allowing an attacker to perform SQL injection.
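
The mechanism described above, as an added example that is not from the original article and is not WordPress's own code: a simplified stand-alone model of a sprintf-style prepare, run once over a doubly prepared query and once over a single template. The names model_prepare() and has_live_placeholder() are hypothetical, escaping is reduced to addslashes(), and the input values are constructed.

```php
<?php
// Added example: simplified model of a sprintf-style prepare(); NOT WordPress's code.
// model_prepare() is a hypothetical name; escaping is reduced to addslashes().
function model_prepare(string $query, array $args): string
{
    // Strip quotes the caller put around %s, then quote every unescaped %s.
    $query = str_replace(["'%s'", '"%s"'], '%s', $query);
    $query = preg_replace('/(?<!%)%s/', "'%s'", $query);
    // Escape string arguments; a literal "%s" inside a value is left untouched.
    $args = array_map(
        fn($a) => is_string($a) ? addslashes($a) : $a,
        $args
    );
    return vsprintf($query, $args);
}

// Review check (hypothetical helper): a prepared fragment that still contains
// a placeholder must never be passed into another prepare call.
function has_live_placeholder(string $sql): bool
{
    return preg_match('/(?<!%)%[dsF]/', $sql) === 1;
}

// Constructed sample input: both variables stand for request-supplied values.
$foo    = "%s ";
$paging = [" OR 1=1 # ", 2, 3];

// Pattern from the article: the fragment is prepared, then prepared again.
$where   = model_prepare(" WHERE foo = %s", [$foo]);
$doubled = model_prepare("SELECT * FROM something $where LIMIT %d, %d", $paging);

// Single pass: one developer-written template, every value bound exactly once.
$single = model_prepare(
    "SELECT * FROM something WHERE foo = %s LIMIT %d, %d",
    [$foo, $paging[1], $paging[2]]
);

echo "fragment: $where\n";
echo "doubled : $doubled\n";
echo "single  : $single\n";

// The fragment built from tainted input still carries a placeholder;
// a fragment built from an ordinary value does not.
var_dump(has_live_placeholder($where));
var_dump(has_live_placeholder(model_prepare(" WHERE foo = %s", ["bar"])));
```

In the single-pass query the “%s ” value stays inside the quoted string as data, because no second formatting pass ever interprets it.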

A full write-up from the original researcher can be found here and the WordPress advisory notice here.