
WordPress Cardoza Ajax Search 1.1 SQL Injection

08 Nov 2012 00:00:00 | Reported by Marcela Benetrix | Type: packetstorm | Source: packetstormsecurity.com

SQL Injection in Cardoza Ajax Search 1.1 WordPress Plugin

Code
`#############################  
Exploit Title : SQl INJECTION AJAX Post Search --- wordpress plugin---  
Author:Marcela Benetrix  
home:www.girlinthemiddle.net  
Date: 10/12/12  
version: 1.1  
software link: http://wordpress.org/extend/plugins/cardoza-ajax-search/  
#############################  
AJAX Post Search wordpress plugin description  
This plugin will allow your website visitors to search the posts of your site without page refresh.  
##########################  
SQL (blind) injection description  
The problem was located in :cardoza_ajax_search.php file, to be more specific the_search_function() . I could see that the srch_txt field hadn't been sanitized.  
  
POC:  
  
/wp-admin/admin-ajax.php/?srch_txt='or 1=1-- &action=the_search_text  
  
via ajax  
  
it is possible to access the database and as a consequence get user information such as usernames, passwords among other data  
  
##########################  
Vendor Notification  
10/12/2012 to: the developer. He replied immediately and fixed the problem.  
posted in plugin track repository http://plugins.trac.wordpress.org/ticket/1588   
Because of it, a new version has been released  
`
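
A hardened handler for the `the_search_text` AJAX action and `srch_txt` parameter named in the advisory, as an added example; it is not the plugin's code or the developer's fix. It assumes the search matches published post titles, and `example_search_posts` is a hypothetical name.

```php
<?php
// Added illustration, not the plugin's source. Assumed: the handler searches
// published post titles; example_search_posts is a hypothetical name.
defined( 'ABSPATH' ) || exit;

// Unsafe pattern of the kind the advisory describes (request value concatenated
// into the SQL string), kept as a comment for contrast only:
//   $wpdb->get_results( "... WHERE post_title LIKE '%" . $_GET['srch_txt'] . "%'" );

function example_search_posts() {
    global $wpdb;

    // Read the parameter named in the advisory; reject array or missing input.
    $raw = isset( $_REQUEST['srch_txt'] ) ? wp_unslash( $_REQUEST['srch_txt'] ) : '';
    if ( ! is_string( $raw ) ) {
        wp_send_json_error( 'invalid search text', 400 );
    }
    $term = sanitize_text_field( $raw );
    if ( '' === $term || strlen( $term ) > 100 ) {
        wp_send_json_success( array() ); // nothing to search for
    }

    // esc_like() makes % and _ literal inside LIKE; prepare() binds the value
    // as data, so quotes or comment markers cannot alter the query structure.
    $like = '%' . $wpdb->esc_like( $term ) . '%';
    $rows = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT ID, post_title FROM {$wpdb->posts}
             WHERE post_status = 'publish' AND post_type = 'post'
               AND post_title LIKE %s
             ORDER BY post_date DESC LIMIT 10",
            $like
        )
    );

    $out = array();
    foreach ( $rows as $row ) {
        $out[] = array(
            'id'    => (int) $row->ID,
            'title' => esc_html( $row->post_title ), // encode for HTML output
            'url'   => get_permalink( (int) $row->ID ),
        );
    }
    wp_send_json_success( $out );
}
// Register under the action name from the advisory, for logged-in and anonymous users.
add_action( 'wp_ajax_the_search_text', 'example_search_posts' );
add_action( 'wp_ajax_nopriv_the_search_text', 'example_search_posts' );
```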
