[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress WP Symposium plugin <= 11.12.08 SQL Injection

Author
Mbah_Semar
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-17282
Category
web applications
Date add
17-12-2011
Platform
php
# Exploit Title: WordPress WP Symposium plugin <= 11.12.08 SQL Injection Vulnerability
# Google Dork: Mbah_Semar Ganteng
# Date: Dec 15, 2011
# Author: Mbah_Semar | fuji[at]hacker[dot]or[dot]id |
# Software Link: http://downloads.wordpress.org/plugin/wp-symposium.11.12.08.zip
# Vendor : http://www.wpsymposium.com/
# Version: 11.12.08
# Tested on: My Blog
# Greetz: Inj3ct0r Team 1337day.com
 
---
PoC
---
http://site/[path]/pagename/profile?uid=1[SQLi]
 
---------------
Vulnerable code
---------------
wp-content/plugins/wp-symposium/symposium_profile.php

if (isset($_GET['uid'])) {
   $uid = $_GET['uid'];
   } else {
   $uid = $current_user->ID;
}

query to the variable $uid is not filtered



#  0day.today [2024-12-25]  #