WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月4日2年前

# Title: WordPress Ultimate Form Builder Lite Plugin < 1.3.7 - SQL Injection
# Author: defensecode
# Date: 2018-06-12
# Software: WordPress Ultimate Form Builder Lite plugin
# Version: 1.3.7 and below

# The easiest way to reproduce the SQL injection vulnerability is to
# visit the provided URL while being logged in as administrator or
# another user that is authorized to access the plugin settings page.
# Users that do not have full administrative privileges could abuse the
# database access the vulnerability provides to either escalate their
# privileges or obtain and modify database contents they were not
# supposed to be able to.

# SQL injection
# Vulnerable Function:  $wpdb->get_row()
# Vulnerable Variable:  $_POST['entry_id']
# Vulnerable URL:       http://vulnerablesite.com/wp-admin/admin-ajax.php
# Vulnerable POST body:

entry_id=ExploitCodeHere&_wpnonce=xxx&action=ufbl_get_entry_detail_action

# Disclosure Timeline
# 2018/06/01   Vulnerabilities discovered
# 2018/06/06   Vendor contacted
# 2018/06/08   Vendor responded
# 2018/06/12   Advisory released to the public

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

WordPress Plugin Ultimate Form Builder Lite < 1.3.7 - SQL Injection

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索