| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 10 Aug 2011 15:05:31 +0200 (CEST) From: advisory@...ridge.ch To: bugtraq@...urityfocus.com Subject: SQL injection in Social Slider Vulnerability ID: HTB23033 Reference: http://www.htbridge.ch/advisory/sql_injection_in_social_slider.html Product: Social Slider Vendor: Lukasz Wiecek ( http://wiecek.pl ) Vulnerable Version: 5.6.2 and probably prior Tested on: 5.6.2 Vendor Notification: 20 July 2011 Vulnerability Type: SQL Injection Risk level: High Credit: High-Tech Bridge SA Security Research Lab ( http://www.htbridge.ch/advisory/ ) Vulnerability Details: High-Tech Bridge SA Security Research Lab has discovered vulnerability in Social Slider, which can be exploited to perform SQL injection attacks. Input passed via the "rA" POST parameter to /wp-content/plugins/social-slider-2/ajax.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The following PoC code is available: <form action="http://[host]/wp-content/plugins/social-slider-2/ajax.php" method="post" name="main" > <input name="action" value="ZapiszPozycje" type="hidden"> <input name="rA[]" value="SQL CODE HERE" type="hidden"> <input type="submit" value="submit" name="submit" /> </form>
Powered by blists - more mailing lists