Blind Sql Injection in Wordpress SEO plugin by Yoast <=1.7.3.3
Jul

What is Blind SQL Injection

Blind Sql Injection in Wordpress SEO plugin by Yoast <=1.7.3.3

Posted by on category Wordpress

What is Blind SQL Injection. How does it differ from normal SQL injection?

To know what Blind SQL injection is, let us first understand what normal SQL injection is in normal SQL injection hackers depend on error messages returned from a database on a web page to find vulnerable databases.

What if the error messages are turned off?

The hacker can still execute SQL queries in URL and hack vulnerable database and get access to confidential information. This method is called as Blind SQL Injection. Though this method is slower and difficult, it is not impossible.

Blind SQL Injection Example:

Let us assume that URL http://www.examplesite.com?id=5 is used to retrieve information about a user with id 5 from the database. The SQL query for this could look like this “SELECT * from user where id=’5 ‘“. The hacker can inject simple Boolean expressions into URL say. http://www.examplesite.com?id=5 OR 1=1 The SQL query for this could be “SELECT * from user where id=’5’ OR 1=1 “ If the server accepts and executes this query then it means that this website is vulnerable to SQL injection. Executing this query will return all rows from the table “user”, since 1=1 is always true. By this way a hacker can easily gain access to user table.

Blind Sql Injection in Wordpress SEO plugin:

Blind SQL injection has been recently discovered in one of the most popular SEO plugin - Wordpress SEO Plugin by Yoast. More than one million websites use Wordpress SEO Plugin. Wp Scan Vulnerability database (https://wpvulndb.com/vulnerabilities/7841) has responsibly disclosed the vulnerability to Plugin’s author. “The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query” In order to fix this issue all the websites using Wordpress SEO Plugin <=1.7.3.3 are advised to upgrade to latest version as this issue has been addressed and fixed. https://yoast.com/wordpress-seo-security-release/ discusses the vulnerability and its fix.

How to Prevent Blind SQL Injection?

The best way to prevent blind SQL injection is using prepared statements or parameterized SQL statements where the query is parsed only once and executed multiple times. sql injuction Learn more about PHP prepared statement http://php.net/manual/en/pdo.prepared-statements.php

Prevent SQL injection using .htaccess in wordpress

Below are the set of rules that will prevent most dangerous Wordpress SQL injection attacks. query

How to identify Vulnerable Websites?

One of the most common ways to identify vulnerable websites is by using Google Dorks. Google’s “inurl” command is used to find vulnerable words in URL. You can find list of google dorks here. http://1337mir.com/hacking/2013/10/google-dorks-sql-injection/ Here at Pattronize we strictly follow Data Sanitization methods http://codex.wordpress.org/Data_Validation#Database to develop highly secure wordpress themes and plugins. Your website is safe with us.