WordPress Daily Edition 1.6.2 SQL Injection

`*WordPress Daily Edition Theme v1.6.2 SQL Injection Security  
Vulnerabilities*  
  
  
Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id  
Parameters SQL Injection Security Vulnerabilities  
Product: WordPress Daily Edition Theme  
Vendor: WooThemes  
Vulnerable Versions: v1.6.2  
Tested Version: v1.6.2  
Advisory Publication: Mar 07, 2015  
Latest Update: Mar 07, 2015  
Vulnerability Type: Improper Neutralization of Special Elements used in an  
SQL Command ('SQL Injection') [CWE-89]  
CVE Reference: *  
Impact CVSS Severity (version 2.0):  
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)  
Impact Subscore: 6.4  
Exploitability Subscore: 10.0  
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),  
Singapore]  
  
  
  
  
  
  
  
*Advisory Details:*  
  
  
*(1) Vendor & Product Description:*  
  
  
  
*Vendor:*  
WooThemes  
  
  
  
*Product & Version:*  
WordPress Daily Edition Theme  
v1.6.2  
  
  
  
*Vendor URL & Download:*  
WordPress Daily Edition Theme can be got from here,  
http://www.woothemes.com/products/daily-edition/  
  
  
  
*Product Introduction:*  
"Daily Edition WordPress Theme developed by wootheme team and Daily Edition  
is a clean, spacious newspaper/magazine theme designed by Liam McKay. With  
loads of home page modules to enable/disable and a unique java script-based  
featured scroller and video player the theme oozes sophistication"  
  
"The Daily Edition theme offers users many options, controlled from the  
widgets area and the theme options page – it makes both the themes  
appearance and functions flexible. From The Daily Edition 3 option pages  
you can for example add your Twitter and Google analytics code, some custom  
CSS and footer content – and in the widgets area you find a practical ads  
management."  
  
"Unique Features  
These are some of the more unique features that you will find within the  
theme:  
A neat javascript home page featured slider, with thumbnail previews of  
previous/next slides on hover over the dots.  
A “talking points” home page that can display posts according to tags,  
in order of most commented to least commented. A great way to highlight  
posts gathering dust in the archives.  
A customizable home page layout with options to specify how many full  
width blog posts and how many “box” posts you would like to display.  
A javascript home page video player with thumbnail hover effect.  
16 delicious colour schemes to choose from!"  
  
  
  
  
  
  
  
*(2) Vulnerability Details:*  
WordPress Daily Edition Theme web application has a security bug problem.  
It can be exploited by SQL Injection attacks. This may allow a remote  
attacker to inject or manipulate SQL queries in the back-end database,  
allowing for the manipulation or disclosure of arbitrary data.  
  
  
*(2.1)* The code flaw occurs at "fiche-disque.php?" page with "&id"  
parameter.  
  
  
  
  
  
  
  
  
*References:*  
http://www.tetraph.com/security/sql-injection-vulnerability/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/  
http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162-sql.html  
http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/  
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/  
https://itswift.wordpress.com/2015/03/07/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/  
http://seclists.org/fulldisclosure/2015/Mar/27  
http://packetstormsecurity.com/files/130075/SmartCMS-2-SQL-Injection.html  
  
  
  
  
  
  
--  
Wang Jing,  
Division of Mathematical Sciences (MAS),  
School of Physical and Mathematical Sciences (SPMS),  
Nanyang Technological University (NTU),  
Singapore.  
http://www.tetraph.com/wangjing/  
https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts  
  
  
`