| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAErqYeFtvtSVARePYuBQgNAMw7KRUzt-GxJ1CzxnrsUaYrunXA@mail.gmail.com> Date: Fri, 10 May 2019 17:23:41 +0200 From: Daniele Scanu <danielescanu20@...il.com> To: fulldisclosure@...lists.org Subject: [FD] WordPress Plugin Form Maker 1.13.3 - SQL Injection # Exploit Title: WordPress Plugin Form Maker 1.13.3 - SQL Injection # Date: 22-03-2019 # Exploit Author: Daniele Scanu @ Certimeter Group # Vendor Homepage: https://10web.io/plugins/ # Software Link: https://wordpress.org/plugins/form-maker/ # Version: 1.13.3 # Tested on: Wordpress 5.1 Description: In the Form Maker plugin before 1.13.3 for WordPress, it's possible to achieve SQL injection in the function get_labels_parameters in the file form-maker/admin/models/Submissions_fm.php with a crafted value of the asc_or_desc parameter. PoC: * Go in to Form-Maker menu and select Submissions. * Open menu "Select a form" and select an any item for example "Contact Us". * Go in to url bar and insert in asc_or_desc parameter a payload such as: ,(case+when+(select+sleep(5)+from+wp_formmaker_submits+limit+1)+then+1+else+2+end)+asc+--+ With this payload the server will sleep for 5 second. MITRE assigned CVE-2019-10866 for this issue. Daniele Scanu _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists