WordPress Lead Octopus Power 'id' parameter SQL Injection Vulnerability
Release date:
Updated on:
Affected Systems:
WordPress Lead Octopus Power
Description:
--------------------------------------------------------------------------------
Bugtraq id: 68934
The Lead Octopus Power plug-in for WordPress does not effectively filter user data supplied in the id parameter of wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php, which results in an SQL injection vulnerability. Attackers can exploit this vulnerability to perform unauthorized database operations.
<* Source: Amirh03in
Link: http://packetstormsecurity.com/files/127640/wplop-sql.txt
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=[SQL]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WordPress
---------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users of the software check the vendor's homepage to obtain the latest version:
http://wordpress.org/
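
With no vendor patch available, one interim measure is to watch web server access logs for requests to the affected script whose id value is not a plain number. The following is an added example, not part of the original advisory or the plug-in's code; it assumes combined-format access logs and that legitimate id values are decimal integers, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script path and parameter named in the advisory (compared in lower case).
VULN_PATH = "/wp-content/plugins/lead-octopus-power/lib/optin/optin_page.php"
PARAM = "id"

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Assumption: legitimate id values are short decimal integers.
SAFE_ID = re.compile(r"[0-9]{1,10}")


def suspicious_ids(log_line):
    """Return the id values in one log line that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    # Collapse duplicate slashes and ignore case so path variants still match.
    path = re.sub(r"/{2,}", "/", url.path).lower()
    if not path.endswith(VULN_PATH):
        return []
    # parse_qsl percent-decodes values and keeps repeated parameters.
    values = [v for k, v in parse_qsl(url.query, keep_blank_values=True) if k == PARAM]
    return [v for v in values if not SAFE_ID.fullmatch(v)]


def scan(lines):
    """Yield (line_number, bad_values) for every flagged log line."""
    for n, line in enumerate(lines, 1):
        bad = suspicious_ids(line)
        if bad:
            yield n, bad


# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2020:10:00:00 +0000] "GET /wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=12 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2020:10:00:05 +0000] "GET /wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=12%27 HTTP/1.1" 200 0',
    '192.0.2.12 - - [01/Jan/2020:10:00:09 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
    '192.0.2.13 - - [01/Jan/2020:10:00:12 +0000] "GET /blog//wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=3&id=x HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for n, bad in scan(SAMPLE):
        print(f"line {n}: non-numeric id value(s) {bad}")
```

Flagged lines are candidates for review, not proof of compromise; the same integer-only check can be enforced in front of the script (for example in a WAF rule) until the plug-in is fixed or removed.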