WordPress NextGEN Smooth Gallery BLIND SQL injection

vendor:

NextGEN Smooth Gallery

by:

kaMtiEz

7,5

CVSS

HIGH

BLIND SQL

CWE

Product Name: NextGEN Smooth Gallery

Affected Version From: 1.2

Affected Version To: 1.2

Patch Exists: YES

Related CWE: N/A

CPE: a:wordpress:nextgen_smooth_gallery

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

WordPress NextGEN Smooth Gallery BLIND SQL injection

WordPress NextGEN Smooth Gallery plugin version 1.2 or lower is vulnerable to a Blind SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This can allow the attacker to gain access to sensitive information stored in the database.

Mitigation:

Update to the latest version of the plugin.

Source

Exploit-DB raw data:

#############################################################################################################
## WordPress NextGEN Smooth Gallery BLIND SQL injection			                                   ##
## Author : kaMtiEz (kamzcrew@yahoo.com)								   ##
## Homepage : http://www.indonesiancoder.com    	     					    	   ##
## Date : 03 August, 2010 						                                   ##
#############################################################################################################

[ Software Information ]

[+] Download : http://downloads.wordpress.org/plugin/nextgen-smooth-gallery.1.2.zip
[+] version : 1.2 or lower maybe also affected
[+] Vulnerability : BLIND SQL
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA

#############################################################################################################

[ Vulnerable File ]

http://127.0.0.1/[kaMtiEz]/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=[VALID ID][BLIND-SQL]

[ DEMO ]

http://www.site.com/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=31[BLIND-SQL]

http://www.site.com/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=34[BLIND-SQL]

http://www.site.com/dp2009/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=2[BLIND-SQL]

[ FIX ]

dunno :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM MainHack MAGELANG CYBER ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW IH-CREW
[+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,Jack-,Hakz,pl4nkt0n
[+] Contrex,YadoY666,bumble_be,MarahMeraH,newbie_043,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,vYcOd,ayy,otong,CS-31,yur4kh4,MISTERFRIBO,GENI212,anharku,isarock


[ NOTE ] 

[+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM 
[+] Menyambut kemerdekaan INDONESIA .. MERDEKA !! 
[+] Selamat Menyambut datangnya bulan ramadhan :D
[+] sendiri di malam hari sambil merokok menikmati indahnya pagi ;)

[ QUOTE ]

[+] INDONESIANCODER still r0x
[+] nothing secure ..