WordPress WP Symposium plugin <= 11.12.08 SQL Injection

Mr.XpR

پیشکسوت

تاریخ عضویت: May 2012

نوشته: 971
- اشتراک
- توییت
#1

WordPress WP Symposium plugin <= 11.12.08 SQL Injection

05-17-2012, 01:15 PM

[align=LEFT]
[align=CENTER]WordPress WP Symposium plugin <= 11.12.08 SQL Injection[/align]
[php]

# Exploit Title: WordPress WP Symposium plugin <= 11.12.08 SQL Injection Vulnerability
# Google Dork: Mbah_Semar Ganteng
# Date: Dec 15, 2011
# Author: Mbah_Semar | fuji[at]hacker[dot]or[dot]id |
# Software Link: http://downloads.wordpress.org/plugi...m.11.12.08.zip
# Vendor : http://www.wpsymposium.com/
# Version: 11.12.08
# Tested on: My Blog
# Greetz: Inj3ct0r Team 1337day.com

---
PoC
---

http://site/[path]/pagename/profile?uid=1[SQLi]

---------------
Vulnerable code
---------------
wp-content/plugins/wp-symposium/symposium_profile.php

if (isset($_GET['uid'])) {
$uid = $_GET['uid'];
} else {
$uid = $current_user->ID;
}

query to the variable $uid is not filtered
[/php][/align]

[align=center][/align]
برچسب ها: هیچ یک

اطلاعیه