Vendor: Ocim MP3 Plugin
By: xevil and Blankon33
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Ocim MP3 Plugin
Platforms Tested: WordPress 4.4.2
Year: 2016

Ocim MP3 Plugin SQL Injection Vulnerability

Ocim MP3 is a plugin for building an MP3 grabber site on WordPress. The 'id' parameter of its 'pages.php' file is vulnerable to SQL injection.

Mitigation:

Input validation and sanitization should be used to prevent SQL injection attacks.
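
A defender-side check for the 'id' parameter of 'pages.php', added here as an example (not code from the advisory or the plugin): it applies an allowlist to 'id' and reuses that rule to triage web access logs for requests to the affected file. It assumes a legitimate 'id' is a short decimal integer and that the logs use the combined format; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the affected file, as given in the advisory's URL.
VULN_PATH = "/wp-content/plugins/ocim-mp3/source/pages.php"
# Assumption: a legitimate id is a short decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')

# Constructed sample log lines (documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Feb/2016:10:00:01 +0000] "GET /wp-content/plugins/ocim-mp3/source/pages.php?id=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [26/Feb/2016:10:00:05 +0000] "GET /blog/wp-content/plugins/ocim-mp3/source/pages.php?id=42%27 HTTP/1.1" 200 310',
    '192.0.2.12 - - [26/Feb/2016:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
    '192.0.2.11 - - [26/Feb/2016:10:00:12 +0000] "GET /wp-content/plugins/ocim-mp3/source/pages.php?id=1&id=2 HTTP/1.1" 200 310',
]

def id_is_valid(value):
    """Allowlist check: accept only what an id is assumed to look like."""
    return VALID_ID.fullmatch(value) is not None

def suspicious_requests(log_lines):
    """Return (line_no, decoded id values) for pages.php hits failing the allowlist."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        # endswith() also matches installs under a sub-path such as /blog.
        if not url.path.endswith(VULN_PATH):
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps an empty "id=".
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        # Flag a missing, repeated or non-numeric id.
        if len(ids) != 1 or not id_is_valid(ids[0]):
            hits.append((n, ids))
    return hits

if __name__ == "__main__":
    for line_no, ids in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: rejected id value(s) {ids!r}")
```

The same allowlist belongs in the request handler itself, ahead of a parameterized query; the log triage only shows which past requests would have been rejected.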

Exploit-DB raw data:

========
Ocim MP3 Plugin SQL Injection Vulnerability
========

:----------------------------------------------------------------------------------------------------:
: # Exploit Title : Ocim MP3 Plugin SQL Injection Vulnerability
: # Date : 26 February 2016
: # Author : xevil and Blankon33
: # Vendor Site: http://www.ocimscripts.com/
: # Version:
: # Vulnerability : SQL Injection
: # Tested on : Wordpress 4.4.2
: # Severity : High
:----------------------------------------------------------------------------------------------------:

Summary
========
Ocim MP3 is a plugin to make an MP3 grabber site based on WordPress.

Proof of Concept
========
Infected URL:
http://[Site]/[Path]/wp-content/plugins/ocim-mp3/source/pages.php?id=['SQLi]


Admin Panel:
http://[Site]/[Path]/oc-login.php

===========
Thanks to
===========
All Indonesian Hacker!!!