Vulners
Lucene search
WordPress Plugin MoodThingy Widget 0.8.7 - Blind SQL Injection
# Exploit Title: WordPress MoodThingy Mood Rating Widget v0.8.7 Blind SQL Injection
# Date: 7/2/12
# Exploit Author: Chris Kellum
# Vendor Homepage: http://www.moodthingy.com/
# Software Link: http://downloads.wordpress.org/plugin/moodthingy-mood-rating-widget.0.8.7.zip
# Version: 0.8.7
=====================
Vulnerability Details
=====================
Input data from the form submission is not properly sanitized.
Using blind SQL injection techniques, true statements will result in the rating being updated, while false statements will cause the plugin to hang.
=================
Injection Example
=================
Using Burp Suite or other proxy, intercept the post request when submitting the form and append and 1=1 to the postID parameter before forwarding.
True statement example:
action=cast_vote&token=d9ad983425&moodthingyvote=6&postID=6 and 1=1&results_div_id=voteresults
In the example above, the request will process successfully and the rating will be updated accordingly.
By replacing 1=1 with 1=0, the plugin will hang and the process will never successfully complete, giving you the necessary true/false conditions for blind sql injections.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
04 Jul 2012 00:00Current
7High risk
Vulners AI Score7