Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Wordpress Video Gallery 2.7.0 SQL Injection Vulnerability

🗓️ 12 Feb 2015 00:00:00Reported by Claudio VivianiType 
zdt
 zdt🔗 0day.today👁 35 Views

Wordpress Video Gallery 2.7.0 SQL Injection Vulnerability. Discovered by Claudio Viviani with vendor patch

Related
Code
ReporterTitlePublishedViews
Family
Check Point Advisories		Wordpress Video Gallery Plugin SQL Injection (CVE-2014-9097)
12 Feb 201500:00
checkpoint_advisories
CVE		CVE-2014-9097
26 Nov 201415:00
cve
Cvelist		CVE-2014-9097
26 Nov 201415:00
cvelist
EUVD		EUVD-2014-8923
7 Oct 202500:30
euvd
NVD		CVE-2014-9097
26 Nov 201415:59
nvd
Patchstack		WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
24 Jul 201400:00
patchstack
Patchstack		WordPress Video Gallery Plugin 2.5 - Multiple Vulnerabilities
24 Jul 201400:00
patchstack
Patchstack		WordPress Video Gallery Plugin 2.7.0 - SQL Injection
12 Feb 201500:00
patchstack
Patchstack		WordPress Apptha Video Gallery Plugin <= 2.5 - Multiple SQL Injection
26 Nov 201400:00
patchstack
Prion		Sql injection
26 Nov 201415:59
prion
Rows per page
######################
 
# Exploit Title : Wordpress Video Gallery 2.7 SQL Injection Vulnerability
 
# Exploit Author : Claudio Viviani
 
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
 
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.7.zip
 
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=rss
             
 
# Date : 2015-02-11
 
# Tested on : Windows 7 / Mozilla Firefox
              Linux / Mozilla Firefox        
 
######################
 
# Vulnerability Disclosure Timeline:
 
2015-02-08:  Discovered vulnerability
2015-02-09:  Vendor Notification
2015-02-10:  Vendor Response/Feedback
2015-02-10:  Vendor Send Fix/Patch
2015-02-11:  Public Disclosure
 
# Description
 
Wordpress Video Gallery 2.7 suffers from SQL injection
 
 
######################
 
# PoC
 
http://target/wp-admin/admin-ajax.php?action=rss&type=video&vid=[SQLi]
 
 
#####################
 
# Fix/patch sent by apptha's developer
 
File: videogalleryrss.php
 
Change line n.47
 
from:
 
        $vid             = filter_input(INPUT_GET,'vid');
to:
 
        $vid             = intval(filter_input(INPUT_GET,'vid'));
 
#####################
 
Discovered By : Claudio Viviani
            http://www.homelab.it
            [email protected]
            [email protected]
 
            https://www.facebook.com/homelabit
            https://twitter.com/homelabit
            https://plus.google.com/+HomelabIt1/
        https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
 
#####################

#  0day.today [2018-03-05]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 Feb 2015 00:00Current
1.1Low risk
Vulners AI Score1.1
EPSS0.02542
wordpressvideo gallerysql injectionvulnerabilityappthaclaudio vivianivendor patchrss0day today
35