WordPress is prepare-d

slavco
Sep 20, 2017 · 1 min read

This morning I was delighted to see that the center of my wp-centric universe is prepared! I pushed my coffee to the side, threw away the cigarette and continued with my book: Learn WordPress in 21 days. I have my reasons to learn, maybe I’ll write about them in the future, but let me show you my morning practice / sample.

Add your own action - Day 3

function grr(){
    global $wpdb;
    if ( isset($_REQUEST["tazdingooo1"]) ){
        echo "<pre>";
        $name = esc_sql($_REQUEST["tazdingooo1"]);//try wc_clean too
        if ( isset($_REQUEST["tazdingooo2"]) ){
            $email = sanitize_email($_REQUEST["tazdingooo2"]);
            // first prepare() builds a fragment from the e-mail address
            $part_of_the_query = $wpdb->prepare("tadaaam %s", $email);
            // second prepare() splices that fragment into its own format string
            $query = $wpdb->prepare("query $part_of_the_query %s", $name);
            echo $query;
        }else{
            print_r(array("hurry up you are on the Day 3! ".$name));
        }
        exit;
    }
}
add_action( 'init', 'grr' );

Perfect! I have started with tests! After 30 minutes of trying to get the idea, and getting a warning in my browser that I need to hurry up because I’m on day 3, I finally managed to echo $query. I got some strange result that means nothing to me, but this was my lucky request:

http://localhost/day3/index.php?tazdingooo2=te%sst@gmail.com&tazdingooo1[]=not%20important&tazdingooo1[]=op1
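What makes that request "lucky" is the nesting: the first prepare() returns a string in which the quoted e-mail still carries its `%s`, and the second prepare() reads that string as part of its own format, so the `%s` inside the value becomes a live placeholder. Sending `tazdingooo1[]=` twice turns `$name` into an array, which prepare() expands into exactly the two values the outer format now expects, and the quoting of the resulting statement is broken. The following is an added example, not code from the original post, showing the Day 3 pattern beside a version that builds the statement with a single prepare() call. It assumes it runs inside WordPress, where `$wpdb`, `sanitize_email()`, `wp_die()` and `add_action()` are available; the table `wp_example`, its column names and the function names are constructed for illustration.

```php
<?php
// Added example (not from the original post). Assumes a WordPress runtime;
// table `wp_example` and the column names are constructed for illustration.

// Risky: a prepared fragment is spliced into another prepare() format string.
// Any '%' that survives sanitize_email() in $email is read as a placeholder by
// the outer call, and an array in $name gives it extra values to consume.
function day3_nested_prepare( $name, $email ) {
    global $wpdb;
    $email    = sanitize_email( $email );
    $fragment = $wpdb->prepare( "email = %s", $email );
    // $fragment is user-influenced text, yet it becomes part of the format.
    return $wpdb->prepare( "SELECT * FROM wp_example WHERE $fragment AND name = %s", $name );
}

// Safer: one prepare() call receives every value. The format string is a
// literal, so user input is never parsed for placeholders, and array input
// is refused before it can widen the argument list.
function day3_single_prepare( $name, $email ) {
    global $wpdb;
    if ( ! is_string( $name ) || ! is_string( $email ) ) {
        return null; // tazdingooo1[]=... arrives as an array; reject it
    }
    $email = sanitize_email( $email );
    return $wpdb->prepare(
        "SELECT * FROM wp_example WHERE email = %s AND name = %s",
        $email,
        $name
    );
}

// Hypothetical init handler wired the same way as the Day 3 snippet.
function day3_handler() {
    if ( ! isset( $_REQUEST['tazdingooo1'], $_REQUEST['tazdingooo2'] ) ) {
        return;
    }
    $query = day3_single_prepare( $_REQUEST['tazdingooo1'], $_REQUEST['tazdingooo2'] );
    if ( null === $query ) {
        wp_die( 'invalid input' );
    }
    global $wpdb;
    $rows = $wpdb->get_results( $query );
    echo '<pre>' . count( $rows ) . " row(s)</pre>";
    exit;
}
add_action( 'init', 'day3_handler' );
```

The rule the safe version follows is simple: the format string handed to prepare() must be a literal, and every value, including ones that were "already prepared", goes in as an argument of that single call. WordPress 4.8.3 later changed prepare() so that `%` characters inside arguments are no longer treated as placeholders by a second prepare(), but keeping to one call with a literal format is the right design regardless of the core version.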

This is my story for today! Stay tuned for more :)

websec

Attack sources + web application security
