WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection Vulnerability

2018-06-13T00:00:00
ID 1337DAY-ID-30578
Type zdt
Reporter DefenseCode
Modified 2018-06-13T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Title: WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection
# Author: defensecode
# Software: WordPress Ultimate Form Builder Lite plugin
# Version: 1.3.7 and below
 
# The easiest way to reproduce the SQL injection vulnerability is to
# visit the provided URL while being logged in as administrator or
# another user that is authorized to access the plugin settings page.
# Users that do not have full administrative privileges could abuse the
# database access the vulnerability provides to either escalate their
# privileges or obtain and modify database contents they were not
# supposed to be able to.
 
# SQL injection
# Vulnerable Function:  $wpdb->get_row()
# Vulnerable Variable:  $_POST['entry_id']
# Vulnerable URL:       http://vulnerablesite.com/wp-admin/admin-ajax.php
# Vulnerable POST body:
 
entry_id=ExploitCodeHere&_wpnonce=xxx&action=ufbl_get_entry_detail_action
 
# Disclosure Timeline
# 2018/06/01   Vulnerabilities discovered
# 2018/06/06   Vendor contacted
# 2018/06/08   Vendor responded
# 2018/06/12   Advisory released to the public

#  0day.today [2018-06-13]  #