Popular WordPress analytics plugin WP-Slimstat: weak key and SQL injection vulnerability analysis

2015-02-26T00:00:00
ID MYHACK58:62201559436
Type myhack58
Reporter Anonymous
Modified 2015-02-26T00:00:00

Description

[Image: /Article/UploadPic/2015-2/20152261142506445.png]

Web security company Sucuri said in a blog post on Tuesday that it had found a SQL injection vulnerability in the latest version of the WordPress analytics plugin WP-Slimstat. By exploiting it, an attacker can perform blind SQL injection and read sensitive information from the database. More than 100 million sites on the Internet are affected.

About WP-Slimstat

WP-Slimstat is a very powerful real-time statistics and analytics plugin for WordPress that lets site owners view visitor traffic. According to the records on WordPress.org, this plugin has been downloaded more than 130 million times.

Vulnerability analysis

Analysis of the plugin's functionality shows that this vulnerability is not a simple SQL injection; it is rather more interesting, so let us walk through it here.

First, once the WP-Slimstat plugin is enabled, every time you visit a page the site sends a POST request via AJAX to /wp-admin/admin-ajax.php, recording the page you are currently viewing.

The data sent is shown below:

[Image: /Article/UploadPic/2015-2/20152261142502345.png]

The data in it is base64-encoded; after decoding, it is:

    ci=YToyOntzOjEyOiJjb250ZW50X3R5cGUiO3M6NDoiaG9tZSI7czo4OiJjYXRlZ29yeSI7czowOiIiO30=.ae93e0c4e2f76695c4dd540456ab7945&ref=&res=aHR0cDovLzEwLjE4LjE4MC4zNy93b3JkcHJlc3Mv&sw=1920&sh=1080&cd=24&aa=1&sl=2004&pp=7267&pl=flash
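To see what the tracker actually reports, the following added example (not code from the article or from the plugin) decodes a request body like the one above: it splits the query string, separates the base64 part of `ci` from the hex value after the dot, and unserializes the PHP array inside. The sample body is a constructed copy of the one shown, with the base64 case restored so it decodes; treating the hex suffix as an integrity value for the `ci` payload is an assumption.

```python
"""Decode a WP-Slimstat tracking POST body (added example, not plugin code)."""
import base64
from urllib.parse import parse_qsl

# Constructed sample: the request body shown above (lab host 10.18.180.37).
SAMPLE_BODY = (
    "ci=YToyOntzOjEyOiJjb250ZW50X3R5cGUiO3M6NDoiaG9tZSI7czo4OiJjYXRlZ29yeSI7czowOiIiO30="
    ".ae93e0c4e2f76695c4dd540456ab7945"
    "&ref=&res=aHR0cDovLzEwLjE4LjE4MC4zNy93b3JkcHJlc3Mv"
    "&sw=1920&sh=1080&cd=24&aa=1&sl=2004&pp=7267&pl=flash"
)


def php_unserialize(data, pos=0):
    """Minimal PHP unserialize for the types the payload uses: i, s and a.

    `data` is a latin-1 decoded string so that one character equals one byte,
    which keeps the s:<len> byte counts accurate. Returns (value, next_pos).
    """
    kind = data[pos]
    if kind == "i":                                   # i:<int>;
        end = data.index(";", pos)
        return int(data[pos + 2:end]), end + 1
    if kind == "s":                                   # s:<len>:"<bytes>";
        colon = data.index(":", pos + 2)
        length = int(data[pos + 2:colon])
        start = colon + 2                             # skip :"
        return data[start:start + length], start + length + 2   # skip ";
    if kind == "a":                                   # a:<n>:{key value ...}
        colon = data.index(":", pos + 2)
        count = int(data[pos + 2:colon])
        pos = colon + 2                               # skip :{
        items = {}
        for _ in range(count):
            key, pos = php_unserialize(data, pos)
            value, pos = php_unserialize(data, pos)
            items[key] = value
        return items, pos + 1                         # skip }
    raise ValueError(f"unsupported PHP type {kind!r} at offset {pos}")


def decode_tracking_body(body):
    """Return the decoded fields of one tracking request as a dict."""
    params = dict(parse_qsl(body, keep_blank_values=True))
    payload, _, suffix = params["ci"].partition(".")  # base64 '.' hex suffix
    content_info, _ = php_unserialize(base64.b64decode(payload).decode("latin-1"))
    return {
        "content_info": content_info,                 # serialized PHP array
        "suffix": suffix,                             # assumed integrity value
        "resource": base64.b64decode(params["res"]).decode("latin-1"),
        "screen": (int(params["sw"]), int(params["sh"]), int(params["cd"])),
        "plugins": params["pl"].split("|"),
    }
```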
