It's important to point out, since probably the whole automattic is still leechi...

kgeist · 2024-09-26T09:29:32 1727342972

Just checked out the original version of b2 Wordpress was forked from and could immediately spot a SQL injection which I can use to take over the whole site:

    $log = $HTTP_POST_VARS["log"];
    <..>
    $user_login=$log;
    <..>
    SELECT ID, user_login, user_pass FROM $tableusers WHERE user_login = '$user_login' AND MD5(user_pass) = '$password'

Later it also stores the hashed password as a cookie.

Some quality 2003 code :)

admissionsguy · 2024-09-26T09:48:10 1727344090

Not necessarily if magic quotes are enabled!!

hedgehog · 2024-09-26T21:49:31 1727387371

Oh "magic quotes", we hardly miss you.

lnxg33k1 · 2024-09-26T11:35:36 1727350536

2003? If I remember correctly, SQL injection has been in OWASP Top 10 until 2016

kgeist · 2024-09-26T12:30:36 1727353836

The code is from 2003.

lnxg33k1 · 2024-09-26T13:48:47 1727358527

Yeah, I got that, it's just that could as well be more recent^^