SQL Injection Vulnerability in cdnvote

ID HTB22845
Type htbridge
Reporter High-Tech Bridge
Modified 2011-02-08T00:00:00


High-Tech Bridge SA Security Research Lab has discovered a vulnerability in the cdnvote WordPress plugin which could be exploited to perform SQL injection attacks.

1) SQL injection vulnerability in cdnvote
The vulnerability exists due to input sanitization errors in the "cdnvote_point" parameter in wp-content/plugins/cdnvote/cdnvote-post.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
Exploitation example:
<form action="http://[host]/wp-content/plugins/cdnvote/cdnvote-post.php" method="post" name="main" >
<input type="hidden" name="cdnvote_post_id" value="SQL_CODE_HERE" />
<input type="hidden" name="cdnvote_point" value="OR_HERE" />
<input type="submit" value="Register" name="submit" />
</form>
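
A defensive check for requests to the vulnerable script, as an added example that is not part of the original advisory: it flags POST bodies in which cdnvote_post_id or cdnvote_point is anything other than a plain integer. The integer-only expectation for both fields, the function name check_request and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Script path and parameter names are the ones named in the advisory.
VULN_PATH = "/wp-content/plugins/cdnvote/cdnvote-post.php"
PARAMS = ("cdnvote_post_id", "cdnvote_point")
# Assumption: both fields should only ever carry a plain integer.
INT_RE = re.compile(r"[+-]?\d{1,10}")


def check_request(method, url, body):
    """Return (parameter, decoded value, reason) for each suspicious field."""
    if method.upper() != "POST" or not urlsplit(url).path.endswith(VULN_PATH):
        return []
    findings, seen = [], {}
    # parse_qsl URL-decodes, so %27 or + encodings cannot hide a payload.
    for name, value in parse_qsl(body, keep_blank_values=True):
        base = name.split("[", 1)[0]  # cdnvote_point[] -> cdnvote_point
        if base not in PARAMS:
            continue
        seen[base] = seen.get(base, 0) + 1
        if name != base:
            findings.append((base, value, "array syntax"))
        elif not INT_RE.fullmatch(value):
            findings.append((base, value, "not an integer"))
    # A repeated field can slip a second value past a first-value-only check.
    findings += [(n, "", "repeated parameter") for n, c in seen.items() if c > 1]
    return findings


if __name__ == "__main__":
    # Constructed sample requests (not captured traffic).
    url = "http://wp.example" + VULN_PATH
    samples = [
        "cdnvote_post_id=12&cdnvote_point=1&submit=Register",
        "cdnvote_post_id=SQL_CODE_HERE&cdnvote_point=1%27",
        "cdnvote_post_id=12&cdnvote_point%5B%5D=1",
    ]
    for body in samples:
        print(body, "->", check_request("POST", url, body) or "ok")
```

The same function can sit in a reverse-proxy hook or a log-processing job that has access to request bodies; it is a detection aid and does not replace validating and parameterizing the values inside the plugin.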