
2008-10-30

SQL Injection Vulnerability in WordPress 2.1.3 and Earlier, and How to Fix It

Posted in Network Security at 17:05 Author: 仲远


SQL?????????????????????????????SQL?????????????????????????????????????????????????????????????????SQL?????????????????????SQL????????????????????????????????????????????bug?????????????????????

???bug??????????????????????????????????????????????????????????Windows XP??????6?7???????????????????????

WordPress???????????????????????????2.6.3?????????????????2.1.3???????????SQL?????

???????????????Cookies?????SQL??????????????SQL??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????32????

?????wp-admin/admin-ajax.php??SQL???????????????????????????ip??admin-ajax.php?????????????????????

?????????????wp-includes/pluggable.php??122??function get_userdatabylogin($user_login)???

function get_userdatabylogin($user_login) {
 global $wpdb;
 $user_login = sanitize_user( $user_login );

 if ( empty( $user_login ) )
  return false;

 // Allowlist check: accept only word characters (letters, digits, underscore)
 if ( !preg_match('/^\w+$/', $user_login ) )
  return false;

 // Return the cached record if this login was already looked up
 $userdata = wp_cache_get($user_login, 'userlogins');
 if ( $userdata )
  return $userdata;

 // Escape the value before it is placed inside the quoted SQL string
 $user_login = $wpdb->escape($user_login);

 if ( !$user = $wpdb->get_row("SELECT * FROM $wpdb->users WHERE user_login = '$user_login'") )
  return false;

……

}

?????????????????????????????????????????WordPress??????????????????????????

This article may be freely reposted; when reposting, please keep the full text and credit the source:
Reposted from 仲子说 [ http://www.wangzhongyuan.com/ ]
Original link:
