CVE-2007-6318

WordPress <= 2.3.1 - SQL Injection via s Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6318. PoCs published by Abel Cheung.

AI-analyzed exploit summary This is a detailed advisory describing a SQL injection vulnerability in WordPress <= 2.3.1 due to improper sanitization of input when using multibyte character sets like Big5 or GBK. The proof of concept demonstrates how an attacker can dump database contents, including user password hashes, via a crafted search query.

Description

SQL injection vulnerability in wp-includes/query.php in WordPress 2.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the s parameter, when DB_CHARSET is set to (1) Big5, (2) GBK, or possibly other character set encodings that support a "\" in a multibyte character.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Abel Cheung · textwebappsphp

https://www.exploit-db.com/exploits/4721

View Code ZIP pw:eip

This is a detailed advisory describing a SQL injection vulnerability in WordPress <= 2.3.1 due to improper sanitization of input when using multibyte character sets like Big5 or GBK. The proof of concept demonstrates how an attacker can dump database contents, including user password hashes, via a crafted search query.

Classification

Writeup 100%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: WordPress <= 2.3.1

No auth needed

Prerequisites: WordPress installation with DB_CHARSET set to a vulnerable multibyte character set (e.g., GBK or Big5)

MITRE ATT&CK