lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <CAFWG0-gL2Vbi_g6Cibmb2=Bc_8Wkksc7wph0tGfUq5LUDW+pSQ@mail.gmail.com>
Date: Sat, 7 Mar 2015 20:59:56 +0800
From: Jing Wang <justqdjing@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] WordPress Daily Edition Theme v1.6.2 SQL Injection Security
	Vulnerabilities

*WordPress Daily Edition Theme v1.6.2 SQL Injection Security
Vulnerabilities*


Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id
Parameters SQL Injection Security Vulnerabilities
Product: WordPress Daily Edition Theme
Vendor: WooThemes
Vulnerable Versions: v1.6.2
Tested Version: v1.6.2
Advisory Publication: Mar 07, 2015
Latest Update: Mar 07, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an
SQL Command ('SQL Injection') [CWE-89]
CVE Reference: *
Impact CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU),
Singapore]







*Advisory Details:*


*(1) Vendor & Product Description:*



*Vendor:*
WooThemes



*Product & Version:*
WordPress Daily Edition Theme
v1.6.2



*Vendor URL & Download:*
WordPress Daily Edition Theme can be got from here,
http://www.woothemes.com/products/daily-edition/



*Product Introduction:*
"Daily Edition WordPress Theme developed by wootheme team and Daily Edition
is a clean, spacious newspaper/magazine theme designed by Liam McKay. With
loads of home page modules to enable/disable and a unique java script-based
featured scroller and video player the theme oozes sophistication"

"The Daily Edition theme offers users many options, controlled from the
widgets area and the theme options page – it makes both the themes
appearance and functions flexible. From The Daily Edition 3 option pages
you can for example add your Twitter and Google analytics code, some custom
CSS and footer content – and in the widgets area you find a practical ads
management."

"Unique Features
These are some of the more unique features that you will find within the
theme:
    A neat javascript home page featured slider, with thumbnail previews of
previous/next slides on hover over the dots.
    A “talking points” home page that can display posts according to tags,
in order of most commented to least commented. A great way to highlight
posts gathering dust in the archives.
    A customizable home page layout with options to specify how many full
width blog posts and how many “box” posts you would like to display.
    A javascript home page video player with thumbnail hover effect.
    16 delicious colour schemes to choose from!"







*(2) Vulnerability Details:*
WordPress Daily Edition Theme web application has a  security bug problem.
It can be exploited by SQL Injection attacks. This may allow a remote
attacker to inject or manipulate SQL queries in the back-end database,
allowing for the manipulation or disclosure of arbitrary data.


*(2.1)* The code flaw occurs at "fiche-disque.php?" page with "&id"
parameter.








*References:*
http://www.tetraph.com/security/sql-injection-vulnerability/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/
http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162-sql.html
http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/
http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/
https://itswift.wordpress.com/2015/03/07/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/
http://seclists.org/fulldisclosure/2015/Mar/27
http://packetstormsecurity.com/files/130075/SmartCMS-2-SQL-Injection.html






--
Wang Jing,
Division of Mathematical Sciences (MAS),
School of Physical and Mathematical Sciences (SPMS),
Nanyang Technological University (NTU),
Singapore.
http://www.tetraph.com/wangjing/
https://plus.google.com/u/0/+JingWang-tetraph-justqdjing/posts

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ