5 matches found
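WordPress WassUp Plugin spy.php Script Remote SQL Injection Vulnerability
BUGTRAQ ID: 27525 WordPress is a free forum/blog system. The WassUp plugin for WordPress has an input validation vulnerability that remote attackers may exploit to perform SQL injection attacks. The spy.php file in the WordPress WassUp plugin does not properly validate input to the to_date parameter: if (isset($_GET['to_date'])) $to_date = htmlentities(strip_tags($_GET['to_date'])); ........... spyview($from_date,$to_date,$rows); -In main.php function spyview...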
SQL injection
Multiple SQL injection vulnerabilities in main.php in the WassUp plugin 1.4 through 1.4.3 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) from_date or (2) to_date parameter to spy.php...
Wordpress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
No description provided by source. WordPress WassUp plugin v 1.4.3 Sql Injection Exploit Plugin Homepage-http://www.wpwp.org/ Found by:enterthedragon Tested successfully on v 1.4-1.4.3 lower versions are possibly vulnerable too (just check the source and modify the query as needed) Vuln code -In...
Wordpress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit
Exploit for unknown platform in category web applications. Wordpress Plugin WassUp 1.4.3 (spy.php to_date) SQL Injection Exploit get_results("SELECT id, wassup_id,...
WordPress Plugin WassUp 1.4.3 - to_date SQL Injection
WordPress Plugin WassUp 1.4.3 - to_date SQL Injection get_results("SELECT id, wassup_id, max(timestamp) as max_timestamp, ip, hostname, searchengine, urlrequested, agent, referrer, spider, username, comment_author FROM $table_name WHERE timestamp BETWEEN $from_date AND $to_date GROUP BY id ORDER BY...