WordPress database error: help ?

**code green** · Apr 14 '11, 08:03 AM

The LIMIT -10, 10 looks wrong.
You are asking to start at row -10.
What are you trying to do?

**moroccanplaya** · Apr 14 '11, 12:25 PM

i ran a sql injection scan on my site and thats the result, is it a venerability ?

**JKing** · Apr 14 '11, 02:58 PM

The scan told you there was a mysql error?

Is the error suppressed? Or is it printed to the page when the user navigates to the page in question?

If the error is being printed it could be a vulnerability by giving away details that would otherwise not be shown.

**moroccanplaya** · Apr 14 '11, 07:37 PM

yeah the error is being printed so do i fix this

**JKing** · Apr 14 '11, 07:55 PM

Try this... I think the intent is to pull only 10 records.

Code:

SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT 10

**moroccanplaya** · Apr 14 '11, 07:58 PM

thats what gets printed on the site

WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '-10, 10' at line 1]
SELECT DISTINCT * FROM wp_posts WHERE 1=1 AND post_date_gmt <= '2011-04-13 08:52:59' AND (post_status = "publish") GROUP BY wp_posts.ID ORDER BY post_date DESC LIMIT -10, 10

**moroccanplaya** · Apr 14 '11, 08:02 PM

this is the sql injection string that was used

index.php?paged =/archive/-1-5-2-Create Table

it was used at the end of a url

**moroccanplaya** · Apr 14 '11, 08:03 PM

and this to
index.php?paged =-25633&header.ph p?=-id

WordPress database error: help ?

WordPress database error: help ?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment