Displaying 5 results from an estimated 5 matches for "wp_user".
Did you mean:
ip_user
2011 Mar 11
1
Using dovecot with wordpress/phpass passwords?
Good afternoon,
I am trying to setup dovecot to authenticate using the userdata from wordpress.
It's being a bit mor difficult than I thought. This is the relevant
part of the dovecot-sql.conf
default_pass_scheme = CRYPT
password_query = SELECT user_pass AS password FROM wp_users WHERE
user_email='%u';
user_query = SELECT 501 as uid, 501 as gid,'maildir:storage=51200' as
quota FROM wp_users WHERE user_email = '%u'
I can see that the query is being procecessed according to the logs.
Wordpress and others are using phpass to authenticate
(http://www....
2016 Mar 24
10
C5 MySQL injection attack ("Union Select")
...ssively long.
My URL was something like this
...../...../.....php?key=123456
The injection was something like this
...../...../.....php?key=876711111111111111111111111111' UNION SELECT
13,CONCAT([X],count(*),[X],13,13,13,13,13,13 FROM
information_schema.TABLES WHERE `TABLE_NAME` LIKE "%wp_users%" -- /*
order by 'as
There are no user permission on information_schema.
There seems to be 2 versions of the coding floating around on Austrian
and Russian IPs. One is ineffective but the other works. It seems the
author is expert in the intricate structure and design of SQL.
--
R...
2016 Mar 24
0
C5 MySQL injection attack ("Union Select")
...ike this
>
> ...../...../.....php?key=123456
>
> The injection was something like this
>
> ...../...../.....php?key=876711111111111111111111111111' UNION SELECT
> 13,CONCAT([X],count(*),[X],13,13,13,13,13,13 FROM
> information_schema.TABLES WHERE `TABLE_NAME` LIKE "%wp_users%" -- /*
> order by 'as
>
> There are no user permission on information_schema.
>
> There seems to be 2 versions of the coding floating around on Austrian
> and Russian IPs. One is ineffective but the other works. It seems the
> author is expert in the intricate stru...
2016 Mar 24
0
C5 MySQL injection attack ("Union Select")
...ike this
>
> ...../...../.....php?key=123456
>
> The injection was something like this
>
> ...../...../.....php?key=876711111111111111111111111111' UNION SELECT
> 13,CONCAT([X],count(*),[X],13,13,13,13,13,13 FROM
> information_schema.TABLES WHERE `TABLE_NAME` LIKE "%wp_users%" -- /*
> order by 'as
>
> There are no user permission on information_schema.
>
> There seems to be 2 versions of the coding floating around on Austrian
> and Russian IPs. One is ineffective but the other works. It seems the
> author is expert in the intricate stru...
2016 Mar 24
2
C5 MySQL injection attack ("Union Select")
...ION SELECT (-x1-Q-,-x2-Q-,-x3-Q-,-x4-Q-,-x5-Q-,-x6-Q-)
' UNION SELECT 1,CONCAT(ddd,[X],file_priv,[XX],3,4,5,6,7,8 FROM
mysql.user limit 0,1 (I do not have mysql.user)
' UNION SELECT 13,CONCAT([X],count(*),[X],13,13,13,13,13,13 FROM
information_schema.TABLES WHERE `TABLE_NAME` LIKE "%wp_users%" -- /*
order by 'as
LIKE "%user%"
LIKE "%usr%"
LIKE "%phpbb%"
LIKE "?%"
LIKE "?m%"
LIKE "%member%"
LIKE "%forum%"
LIKE "%reg%"
LIKE "%moder%"
LIKE "%ftp%"
LIKE "%jos%"
LIKE &q...