Vendor: wp-realty
By: Napsterakos
CVSS: 8,8 HIGH
MySQL Time Based Injection
CWE: 89
Product Name: wp-realty
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: cpe:a:wprealty:wp-realty
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

WordPress – wp-realty – MySQL Time Based Injection

The "listing_id" parameter of the "index_ext.php" script is vulnerable to SQL injection because the parameter is not validated or sanitized before use. An attacker can exploit this vulnerability to gain access to the database and execute arbitrary SQL queries.

Mitigation:

The vendor has released a patch to address this vulnerability.
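
For sites that ran the plugin before patching, the following added example (not part of the original entry or the plugin's code) reviews a web server access log for requests to the affected script whose "listing_id" is not a plain integer, and marks the ones that were also slow, which is how a time-based injection shows up in latency. It assumes listing IDs are numeric, a combined log format with the request time in seconds as the final field, and a 2-second threshold; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample log: combined format + request time (seconds) as last field.
# "%5BSQLi%5D" is the page's own "[SQLi]" placeholder, URL-encoded.
BASE = "/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes"
SAMPLE_LOG = "\n".join([
    f'203.0.113.5 - - [01/Jan/2024:10:00:01 +0000] "GET {BASE}&listing_id=42 HTTP/1.1" 200 5120 0.084',
    f'203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET {BASE}&listing_id=%5BSQLi%5D HTTP/1.1" 200 5120 5.012',
    f'203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET {BASE}&listing_id=7&listing_id=%5BSQLi%5D HTTP/1.1" 200 5120 0.091',
    '198.51.100.2 - - [01/Jan/2024:10:00:12 +0000] "GET /wordpress/index.php?p=1 HTTP/1.1" 200 900 0.050',
])

LINE_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ (\d+(?:\.\d+)?)$'
)
TARGET = "/wp-content/plugins/wp-realty/index_ext.php"  # script named on this page
SLOW_SECONDS = 2.0                                       # assumed threshold
INT_RE = re.compile(r"\d{1,10}")                         # assumption: numeric listing IDs


def suspicious_requests(log_text, slow=SLOW_SECONDS):
    """Return one finding per request to TARGET with a non-integer or repeated listing_id."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip instead of guessing
        ip, ts, _method, target, _status, secs = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(TARGET):
            continue
        # parse_qs percent-decodes values and keeps every repeat of the parameter
        values = parse_qs(url.query, keep_blank_values=True).get("listing_id", [])
        bad = [v for v in values if not INT_RE.fullmatch(v)]
        if bad or len(values) > 1:
            findings.append({
                "ip": ip, "time": ts, "values": values,
                "slow": float(secs) >= slow,  # latency consistent with a time-based probe
            })
    return findings


if __name__ == "__main__":
    for f in suspicious_requests(SAMPLE_LOG):
        print(f)
```

Only the query string is inspected, so a request that carries "listing_id" in a POST body would need the body logged separately.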

Exploit-DB raw data:

# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos


Link: http://localhost/wordpress/wp-content/plugins/wp-realty/

Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]


Credits to: Greek Hacking Scene