Small bug with Secure WordPress plugin’s “block bad queries” option
In secure-wordpress.php, I think the following strpos calls should be stripos given that SQL is case-insensitive (?) So if “eVAL” was specified, the detector would fail.
I could be wrong about this, can someone brighter than me (ok, anybody) check?
strpos($_SERVER['REQUEST_URI'], "eval(") ||
strpos($_SERVER['REQUEST_URI'], "CONCAT") ||
strpos($_SERVER['REQUEST_URI'], "UNION+SELECT") ||
strpos($_SERVER['REQUEST_URI'], "base64")) {
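The difference the post asks about, as an added example (not the plugin's code and not part of the original post): the same four patterns are searched with strpos and with stripos over a few constructed request URIs. The helper name first_bad_pattern and the sample URIs are assumptions made for illustration.

```php
<?php
// Added example; not the Secure WordPress plugin's code.
// The four patterns are the ones visible in the posted fragment.
const BAD_PATTERNS = ['eval(', 'CONCAT', 'UNION+SELECT', 'base64'];

/**
 * Return the first pattern found in $uri, or null if none match.
 * $finder is 'strpos' (case-sensitive) or 'stripos' (case-insensitive).
 * first_bad_pattern is a hypothetical helper name.
 */
function first_bad_pattern(string $uri, callable $finder): ?string
{
    foreach (BAD_PATTERNS as $pattern) {
        // Compare against false explicitly: a match at offset 0 returns 0.
        if ($finder($uri, $pattern) !== false) {
            return $pattern;
        }
    }
    return null;
}

// Constructed request URIs (not taken from real traffic).
$samples = [
    '/?s=hello+world',
    '/?id=1+UNION+SELECT+1',
    '/?id=1+union+select+1',
    '/?x=eVAL(1)',
    '/?x=BASE64_decode',
];

foreach ($samples as $uri) {
    $sensitive   = first_bad_pattern($uri, 'strpos');
    $insensitive = first_bad_pattern($uri, 'stripos');
    printf(
        "%-26s strpos: %-14s stripos: %s\n",
        $uri,
        $sensitive ?? 'no match',
        $insensitive ?? 'no match'
    );
}
```

Only the URI that uses the exact casing of a listed pattern is caught by strpos; stripos also catches the mixed-case and lower-case variants.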
- The topic ‘Small bug with Secure WordPress plugin’s “block bad queries” option’ is closed to new replies.