For those of you who use WordPress, be sure to upgrade or at least fix your software, as there is a vulnerability in version 2.0.5. This is not really all that new. The original posting for the code upgrade was released on January 5th. The security finding and the proof-of-concept exploit code were posted on Securiteam’s website on Jan 7th.
WordPress supports decoding trackbacks with different charsets when PHP’s mbstring extension is activated. Because the decoding happens after the database escaping is performed, choosing the right charset for the input data allows bypassing the protection against SQL injection.
For the demonstration exploit that was shared with the WordPress developers, the UTF-7 charset was chosen because it is the easiest to work with. Other multibyte charsets that, for example, allow multibyte sequences ending in ‘\’ can also be used.
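The ordering problem described above, shown as an added example (this is not WordPress code and not the proof of concept mentioned in the post). `escape_sql` is a simplified stand-in for a database escaping routine, and the sample trackback title is constructed.

```python
# Added illustration: why charset decoding must happen before SQL escaping.
# escape_sql() is a simplified stand-in, not WordPress's real escaping code.

def escape_sql(value: str) -> str:
    """Backslash-escape backslashes and single quotes."""
    return value.replace("\\", "\\\\").replace("'", "\\'")

def decode_charset(raw: str, charset: str) -> str:
    """Convert input from the sender-declared charset into text."""
    return raw.encode("ascii").decode(charset)

def has_unescaped_quote(value: str) -> bool:
    """True if a single quote is not protected by an odd run of backslashes."""
    backslashes = 0
    for ch in value:
        if ch == "'" and backslashes % 2 == 0:
            return True
        backslashes = backslashes + 1 if ch == "\\" else 0
    return False

def escape_then_decode(raw: str, charset: str) -> str:
    # Order described in the advisory: escaping runs first, decoding second.
    # The escaper sees only harmless ASCII, so it changes nothing.
    return decode_charset(escape_sql(raw), charset)

def decode_then_escape(raw: str, charset: str) -> str:
    # Corrected order: normalize the charset first, then escape the final
    # string that will actually reach the query.
    return escape_sql(decode_charset(raw, charset))

# Constructed sample: "+ACc-" is the UTF-7 encoding of a single quote.
SAMPLE_TITLE = "title+ACc-rest"

if __name__ == "__main__":
    for fn in (escape_then_decode, decode_then_escape):
        out = fn(SAMPLE_TITLE, "utf-7")
        print(f"{fn.__name__}: {out!r} unescaped quote: {has_unescaped_quote(out)}")
```

Whatever escaping or parameter binding is used, it has to be applied to the value in its final decoded form. Any transformation that runs afterwards can reintroduce characters the escaper never saw.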
According to the folks at Securiteam, the latest version (2.0.6) is not susceptible to this attack.
Patch away.