Release date:
Updated on:
Affected Systems:
WordPress Ads Box
Description:
--------------------------------------------------------------------------------
Bugtraq id: 56681
The WordPress Ads Box plug-in adds an advertisement box to a site's sidebar.
The Ads Box plug-in does not properly validate the count parameter of iframe_ampl.php before using it in a SQL query, leading to a SQL injection vulnerability. An attacker can exploit this to run unauthorized queries against the WordPress database and obtain sensitive information.
<* Source: Ashiyane Digital Security Team
Link: http://packetstormsecurity.org/files/118342/wpadsbox-sql.txt
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users proceed at their own risk.
http://www.example.com/wp-content/plugins/ads-box/iframe_ampl.php?count=[SQLi]
Suggestion:
--------------------------------------------------------------------------------
Temporary solution:
If you cannot install or upgrade the patch immediately, NSFOCUS recommends that you take the following measures to reduce the threat:
1. Modify the code: if the value of the count parameter is not a number, do not execute the SQL query at all.
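As an added illustration of this fix (example code written for this advisory, not the plugin's own source; the table name, the column names and the upper bound on count are assumptions), the vulnerable pattern the advisory describes is shown beside a hardened handler that applies the recommended numeric check and additionally binds the value through $wpdb->prepare():

```php
<?php
// Illustrative example, not the actual Ads Box plug-in code.
// Assumes a WordPress context where the global $wpdb object is loaded.
// Table name "ads_box" and column "id" are assumptions for the example.

// Vulnerable pattern described in the advisory: the raw value of the
// "count" request parameter is concatenated straight into the query, so
// ?count=1 UNION SELECT ... rewrites the statement the database runs.
function ads_box_vulnerable_query( $wpdb, $count ) {
    $sql = "SELECT * FROM {$wpdb->prefix}ads_box ORDER BY id DESC LIMIT " . $count;
    return $wpdb->get_results( $sql );
}

// Hardened version following the temporary solution above: if "count" is
// not a number, no SQL query is executed. The value is then cast to int and
// bound with %d via $wpdb->prepare(), so even a future change to the query
// cannot reintroduce string concatenation of user input.
function ads_box_safe_query( $wpdb, $raw_count ) {
    // ctype_digit() rejects empty strings, signs, spaces and any
    // non-digit character, so "1 UNION SELECT" or "1'" never reaches SQL.
    if ( ! is_string( $raw_count ) || ! ctype_digit( $raw_count ) ) {
        return null; // not a number: no query is executed
    }

    $count = (int) $raw_count;

    // Assumed sane range for the number of ads to display.
    if ( $count < 1 || $count > 100 ) {
        return null;
    }

    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}ads_box ORDER BY id DESC LIMIT %d",
        $count
    );
    return $wpdb->get_results( $sql );
}

// Request handling: read the parameter as a string and pass it through
// the validating function; anything that is not purely numeric yields null.
$raw  = isset( $_GET['count'] ) ? (string) $_GET['count'] : '';
$rows = ads_box_safe_query( $wpdb, $raw );
if ( null === $rows ) {
    status_header( 400 );
    exit;
}
```

The check is deliberately placed before any database access, which is what the temporary solution asks for; the %d placeholder in prepare() is the longer-term fix, since it makes the query safe regardless of what validation runs ahead of it.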
Vendor patch:
WordPress
---------
Currently, the vendor has not released a patch or upgraded version. Users of this software are advised to monitor the vendor's homepage for the latest version:
http://wordpress.org/extend/plugins/