Lucene search
K

Social Slider 5.6.2 SQL Injection

🗓️ 11 Aug 2011 00:00:00Reported by High-Tech Bridge SAType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 24 Views

SQL Injection in Social Slider 5.6.

Code
`Vulnerability ID: HTB23033  
Reference: http://www.htbridge.ch/advisory/sql_injection_in_social_slider.html  
Product: Social Slider  
Vendor: Lukasz Wiecek ( http://wiecek.pl )   
Vulnerable Version: 5.6.2 and probably prior  
Tested on: 5.6.2  
Vendor Notification: 20 July 2011   
Vulnerability Type: SQL Injection  
Risk level: High   
Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ )   
  
Vulnerability Details:  
High-Tech Bridge SA Security Research Lab has discovered vulnerability in Social Slider, which can be exploited to perform SQL injection attacks.  
  
Input passed via the "rA" POST parameter to /wp-content/plugins/social-slider-2/ajax.php is not properly sanitised before being used in a SQL query.  
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.  
  
The following PoC code is available:  
  
  
<form action="http://[host]/wp-content/plugins/social-slider-2/ajax.php" method="post" name="main" >  
<input name="action" value="ZapiszPozycje" type="hidden">  
<input name="rA[]" value="SQL CODE HERE" type="hidden">  
<input type="submit" value="submit" name="submit" />  
</form>  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Aug 2011 00:00Current
0.3Low risk
Vulners AI Score0.3
24