MySQL and SQL Column Truncation Vulnerabilities

August 18th, 2008 | by Stefan Esser

While SQL injection is one of the most discussed security problems in web applications, other possible problems for SQL queries, such as overlong input, are usually ignored, although they can lead to all kinds of security problems.

This might be because security problems that result from overlong input are often buffer overflows, and buffer overflows are something many web application security experts know nothing about and choose to ignore.

There are, however, several security problems for SQL queries that are caused by overlong input and that no one talks about.

max_packet_size

In MySQL there exists a configuration option called max_packet_size, which is set to one megabyte by default and controls the maximum size of a packet sent between the SQL client and server. When queries or result rows do not fit into a single packet, an error is raised. This means an overlong SQL query is never sent to the server and therefore never executed.

This can lead to security problems when an attacker is able to supply long data elements that are then used in SQL queries. Good examples are logging queries that combine information like the HTTP User-Agent, session ids and log messages into a large query that then no longer fits into the packet.

Another example from a real-world application is a session table cleanup process that first selects all sessions matching certain parameters into a PHP array, then performs a multiple-level cleanup, and in the end puts all selected session ids into a single DELETE query. It should be obvious that when there are many session identifiers in the table that need deletion, the query gets too long. The result is that flooding the application with new sessions in a short time means no unused session will be deleted later anymore.

Therefore web application developers should always ensure that they do not send overlong data to the server. And it doesn’t matter if they use prepared statements or not.
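The session cleanup case above, as an added example (not code from the original post): instead of one DELETE that grows with the table, the ids are split into statements that each stay under a byte budget. The `sessions` table, the budget, the rough size estimate and the in-memory SQLite connection standing in for the MySQL connection are assumptions made for the illustration.

```python
import sqlite3

MAX_PACKET_BYTES = 1024 * 1024   # the one megabyte default named in the article
DELETE_PREFIX = "DELETE FROM sessions WHERE id IN ("


def statement_bytes(session_ids):
    """Rough size of one DELETE carrying these ids, counted as quoted literals."""
    return len(DELETE_PREFIX) + 1 + sum(len(s.encode("utf-8")) + 3 for s in session_ids)


def plan_batches(session_ids, budget):
    """Group ids so that every statement stays within `budget` bytes.

    Returns (batches, skipped). An id that could never fit on its own is
    reported in `skipped` instead of making the whole cleanup run fail.
    """
    base = len(DELETE_PREFIX) + 1
    batches, skipped, batch, size = [], [], [], base
    for sid in session_ids:
        cost = len(sid.encode("utf-8")) + 3      # two quotes and a comma
        if base + cost > budget:
            skipped.append(sid)
            continue
        if size + cost > budget:                 # current statement is full
            batches.append(batch)
            batch, size = [], base
        batch.append(sid)
        size += cost
    if batch:
        batches.append(batch)
    return batches, skipped


def cleanup(conn, session_ids, budget):
    """Delete the sessions batch by batch; returns (statements sent, skipped ids)."""
    batches, skipped = plan_batches(session_ids, budget)
    for batch in batches:
        marks = ",".join("?" * len(batch))       # one placeholder per id
        conn.execute(DELETE_PREFIX + marks + ")", batch)
    conn.commit()
    return len(batches), skipped


def run_demo(count=40000, budget=4096):
    """Flooded session table: the single-statement cleanup would be too large."""
    conn = sqlite3.connect(":memory:")           # stand-in for the MySQL connection
    conn.execute("CREATE TABLE sessions (id TEXT PRIMARY KEY)")
    ids = ["%032x" % n for n in range(count)]    # constructed session ids
    conn.executemany("INSERT INTO sessions VALUES (?)", [(i,) for i in ids])
    statements, skipped = cleanup(conn, ids, budget)
    left = conn.execute("SELECT COUNT(*) FROM sessions").fetchone()[0]
    return {
        "naive_bytes": statement_bytes(ids),     # size of the one big DELETE
        "statements": statements,
        "largest": max(statement_bytes(b) for b in plan_batches(ids, budget)[0]),
        "left": left,
        "skipped": len(skipped),
    }


if __name__ == "__main__":
    print(run_demo())
```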

SQL Column Truncation Vulnerabilities

When user input is not checked for its length, SQL Column Truncation Vulnerabilities can arise. “SQL Column Truncation Vulnerability” is the name I use to describe security problems arising from overlong input that is truncated during insertion into the database. By default MySQL will truncate strings longer than the defined maximum column width and only emit a warning. Those warnings are usually not seen by web applications and therefore not handled at all. In MySQL the sql_mode STRICT_ALL_TABLES can be activated to turn these warnings into errors, but applications will run most of the time on servers that run in the default mode, and even if an application uses the stricter sql_mode it should not produce this error in the first place. Therefore a length check is required.

To understand why the truncation on insert can lead to security problems, imagine the following application.

  • The application is a forum where new users can register
  • The administrator’s name is known e.g. ‘admin’
  • MySQL is used in the default mode
  • There is no application restriction on the length of new user names
  • The database column username is limited to 16 characters

A potential attacker might now try to register the name ‘admin ’, which will fail because the ‘isAlreadyRegistered’ check results in the following SQL query:

SELECT * FROM user WHERE username='admin '

Because MySQL does not compare strings in binary mode by default, more relaxed comparison rules are used. One of these relaxations is that trailing space characters are ignored during the comparison. This means the string ‘admin    ’ is still equal to the string ‘admin’ in the database, and therefore the application will refuse to accept the new user.

If the attacker however tries the username ‘admin           x’, the application will search for it in the database and will not find it, because it is impossible to find a username with a length of 17 in a database field that has a 16 character limit. The application will accept the new username and insert it into the database. However, the username column is too short for the full name, and therefore it is truncated and ‘admin           ’ is inserted into the database.

The result is that the user table now contains two users that, due to trailing spaces, will both be returned when the SELECT query above is executed. At this point a potential security problem arises, because it now depends on how the username is treated throughout the application. The following pseudocode, for example, is vulnerable.

$userdata = null;
if (isPasswordCorrect($username, $password)) {
   $userdata = getUserDataByLogin($username);
   ...
}

When the previous piece of code uses the SQL query

SELECT username FROM users WHERE username = ? AND passhash = ?

to detect whether the user’s password is correct and then looks up the user data by name, a security problem manifests:

SELECT * FROM users WHERE username = ?

Because the attacker created the new admin user himself, he knows the correct password to pass this check. And because the real admin user is first in the table, it will be returned first when the user data lookup by name is executed later.
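The registration and login flow above, replayed against a small in-memory model of the behaviour the article describes (truncation to the column width with only a warning, and comparison that ignores trailing spaces), once without a length check, once with one, and once with strict mode only. This is an added example, not code from the original post and not MySQL itself; the class, the function names and the password hashes are constructed for the illustration.

```python
COLUMN_WIDTH = 16  # username column width in the article's scenario


class DataTooLong(Exception):
    """Stands for the error strict sql_mode raises instead of the warning."""


class UserTable:
    """Toy model of the user table; rows come back in insertion order."""

    def __init__(self, strict=False):
        self.strict, self.rows, self.warnings = strict, [], []

    def insert(self, username, passhash, is_admin=False):
        if len(username) > COLUMN_WIDTH:
            if self.strict:
                raise DataTooLong(username)
            self.warnings.append("Data truncated for column 'username'")
            username = username[:COLUMN_WIDTH]   # default mode: cut and carry on
        self.rows.append({"username": username, "passhash": passhash,
                          "is_admin": is_admin})

    def by_name(self, username):
        # Non-binary comparison: trailing spaces are ignored on both sides.
        key = username.rstrip(" ")
        return [r for r in self.rows if r["username"].rstrip(" ") == key]

    def by_login(self, username, passhash):
        return [r for r in self.by_name(username) if r["passhash"] == passhash]


def register_unchecked(table, username, passhash):
    """Existence check, then insert, with no length check (the article's forum)."""
    if table.by_name(username):
        return False
    table.insert(username, passhash)
    return True


def register_checked(table, username, passhash):
    """Same flow, but overlong names never reach the database."""
    if not 0 < len(username) <= COLUMN_WIDTH:
        return False
    return register_unchecked(table, username, passhash)


def login(table, username, passhash):
    """The article's pseudocode: password check, then user data lookup by name."""
    if not table.by_login(username, passhash):
        return None
    return table.by_name(username)[0]            # first matching row wins


def scenario(register, strict=False):
    table = UserTable(strict=strict)
    table.insert("admin", "real-admin-hash", is_admin=True)   # constructed hash
    padded = "admin "                        # compares equal to 'admin'
    overlong = "admin" + " " * 11 + "x"      # 17 characters, as in the article
    result = {"padded_accepted": register(table, padded, "other-hash")}
    try:
        result["overlong_accepted"] = register(table, overlong, "other-hash")
    except DataTooLong:                      # strict mode: error instead of warning
        result["overlong_accepted"] = False
    result["rows_named_admin"] = len(table.by_name("admin"))
    session = login(table, "admin", "other-hash")
    result["logged_in_as_admin"] = bool(session and session["is_admin"])
    result["warnings"] = len(table.warnings)
    return result


if __name__ == "__main__":
    for label, reg, strict in [("no length check", register_unchecked, False),
                               ("length check", register_checked, False),
                               ("strict mode only", register_unchecked, True)]:
        print(label, scenario(reg, strict))
```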

Conclusion

Both problems described here are two new things web applications need to be audited for, because both can lead to real security problems. And because no one searches for these kinds of vulnerabilities, now that it is public, the next weeks will most probably bring several advisories about open source software suffering from these problems.

  1. 190 Responses to “MySQL and SQL Column Truncation Vulnerabilities”

  2. By xaitax on Aug 18, 2008 | Reply

    Nice discovery. Often thought about that flaw, but didn’t expect it to go wild.
    Thanks for the article.

  3. By Gareth Heyes on Aug 18, 2008 | Reply

    If the username column has a unique index would this still allow a username padded with spaces?

  4. By Stefan Esser on Aug 18, 2008 | Reply

    No, this will trigger an error, because the trailing spaces are ignored during the comparison.

  5. By Gareth Heyes on Aug 18, 2008 | Reply

    Thanks, I thought so, another good article :)

    I use a combination of strlen checking, a separate SQL comparison for usernames and a unique column index

  6. By Andreas on Aug 18, 2008 | Reply

    But that’s only a problem because MySQL has a sloppy handling of invalid input data, right?
    If MySQL would reject the input string in the first place because it’s too long, this problem would not exist. But the “make the user happy instead of raising an error” input data handling creates another security problem.

  7. By Stefan Esser on Aug 18, 2008 | Reply

    Like I stated, the approach to throw an error on overlong packets when they exceed max_packet_size also leads to security problems.

  8. By Andrew Bidochko on Aug 18, 2008 | Reply

    Stefan, thanks for the article. As always, good proof of concept!

    I’d like to note that having a UNIQUE KEY on a `username` column will overcome the reported issue.
    But anyway, Truncation Vulnerabilities may lead to other potential flows in web applications.

  9. By Stefan Esser on Aug 18, 2008 | Reply

    Setting a UNIQUE KEY on the username column will result in a database error on insert, therefore it is still up to the application to catch this error case before actually triggering it.

  10. By rvdh on Aug 18, 2008 | Reply

    > Conclusion
    >
    > Both problems described here are two new things web applications needs to be audited for because both can lead to real security problems.

    Actually it isn’t new. SQL server suffered from the same technique. SQL Server 2000 SP4 and SQL Server 2005 SP1 silently truncate the data if the variable does not have big enough buffers.

    > And because no one searches for these kind of vulnerabilities.

    Oh? I guess I discussed them many times before, regarding data buffers and checking data sizes before handling/passing data into a query.

  11. By Stefan Esser on Aug 18, 2008 | Reply

    mr. rdvh

    First of all, MySQL does not silently truncate anything. It is a documented feature that results in a warning. It is the application’s fault to ignore those warnings.

    If you discussed this before, then great, let me see the URL where it is documented. It is simply not possible to read everything released somewhere in a corner of the web.

    And I also believe that not many people think about these vulnerabilities, because otherwise there were advisories covering this type of vulnerability on bugtraq.

  12. By rvdh on Aug 18, 2008 | Reply

    > first of all MySQL does not silently truncate anything. It is a documented feature that results in a warning. It is the applications fault to ignore those warnings.

    Correct, I talked about T-SQL in particular which led to a truncation attack also.

    > If you discussed this before then great let me see the url where it is documented. It is simply not possible to read everything released somewhere in a corner of the web.

    I mentioned it here briefly, though it was T-SQL specific with using single quotes. Although the technique of truncation is mostly the same:
    http://www.0x000000.com/index.php?i=396

    > And I also believe that not many people think about these vulnerabilities, because otherwise there were advisories covering this type of vulnerability on bugtraq.

    Correct, I’m glad you point that out Stefan.

    But that holds the same truth for many memory limits e.g. buffers triggered by PHP or MySQL. As you know, most “scripters” seem to lack the knowledge that low-level (like C) programmers have, but it’s a fair assumption that one must treat all user data as tainted, including data-size. I advocated many times before the need for writing buffers or data limiters in PHP to limit or/and restrict supplied user-data, I am glad you found this in MySQL because it confirms my overall thoughts about MySQL and PHP interaction altogether.

  13. By Lukas on Aug 20, 2008 | Reply

    I guess the chances of people really going through the effort of explicit length checks in all the right places (WHERE clauses seem to be the problem spot if you are running in strict mode), are pretty low. However this is again an area where an ORM can help. It would allow centralized handling of length checks. In theory an ORM could also try to circumvent max packet size restrictions (as in split the DELETE statement), but this would be quite hard to do reliably (it could do some serious business logic breakage).

  14. By Arshan on Aug 20, 2008 | Reply

    Good post.

    > One of these relaxations is that trailing
    > space characters are ignored during the
    > comparison.

    Here you seem to be hinting that there are other types of relaxations used when comparing non-binary strings. The best technical resource for this subject I found here:
    http://dev.mysql.com/doc/refman/5.0/en/char.html

    However, after looking that over and doing a bit more searching, I can’t find any other quirks in the way strings are compared. Can you shed any light on this?

  15. By Stefan Esser on Aug 20, 2008 | Reply

    @Arshan: I maybe was a bit vague…

    Another relaxation depends for example on the collation. The default collations of mysql for different charsets all end with ‘_ci’. The _ci means that it is case insensitive. That means all strings are compared case-insensitively by default.

  16. By Andi on Aug 21, 2008 | Reply

    Nice article!

    I had trouble with “max_packet_size” one time I inserted _many_ rows at once - so I never had the idea of truncating any string before executing a _single_ row insertion.
    I use a UNIQUE index for both nicknames and email address, so in this case truncating the string in PHP is not absolutely necessary.

  17. By Kyo on Aug 24, 2008 | Reply

    Good article!
    I usually trim() the username and remove double spaces in the registering process (php)

  18. By pstradomski on Sep 9, 2008 | Reply

    Well, data validation should be performed in the database, if it’s possible. So UNIQUE index is a must. Application-space validation usually fails in some obscure way. Some other situations, where uniqueness constraints in the application often fail:

    * integer truncation
    * race conditions (even when using transactions, true SERIALIZABLE isolation level would be required, which is almost never enabled, and for MVCC databases still does not prevent simultaneous insertion of identical values).

  19. By Nil on Sep 9, 2008 | Reply

    That’s why everybody should use the Strict-Mode in MySQL, then it will raise an error.

  20. By Al O'Nerd on Sep 23, 2008 | Reply

    Will the BINARY keyword used in selecting user from username and passhash avoid that type of exploit?

  21. By aslifm on Nov 23, 2008 | Reply

    Nice discovery. Often thought about that flaw, but didn’t expect it to go wild.
    Thanks for the article.
