Date: Sat, 22 Aug 2015 06:48:19 -0400
From: Larry W Cashdollar <larry0@...com>
To: oss-security@...ts.openwall.com
Subject: CVE Request Blind SQL Injection in WordPress plugin dukapress v2.5.9

Hello,
May I have a CVE for this vulnerability?

Title: Blind SQL Injection in WordPress plugin dukapress v2.5.9
Author: Larry W. Cashdollar, @_larry0
Date: 2015-08-04
Download Site: http://wordpress.org/plugins/dukapress/
Vendor: dukapress.org
Vendor Notified: 2015-08-07, fixed in v2.5.9.1
Vendor Contact: https://twitter.com/moshthepitt
Description: DukaPress is open source software that can be used to build 
online shops quickly and easily. DukaPress is built on top of WordPress, 
a world class content management system. DukaPress is built to be both 
simple and elegant yet powerful and scalable.
Vulnerability:
The code in dukapress/download.php does not sanitize user input before 
passing it to query(), allowing SQL to be injected.  The user is not 
required to be logged into WordPress in order to exploit this vulnerability.


9:$sql = "SELECT saved_name, real_name, count, 
TIMESTAMPDIFF(SECOND,sent_time,NOW()) as time_diff FROM `{$table_name2}` 
WHERE saved_name='{$_GET['id']}'";
.
.
.

26:    $wpdb->query("UPDATE {$table_name2} SET count={$download_count} 
WHERE saved_name='{$_GET['id']}'");

Advisory: http://www.vapid.dhs.org/advisory.php?v=152
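Added example, not part of the advisory or of the DukaPress plugin: the two queries quoted above rewritten with $wpdb->prepare() placeholders, the WordPress-idiomatic way to bind the request value instead of interpolating $_GET['id'] into the SQL string. WpdbStub, the table name 'wp_dp_downloads' and the helper names are assumptions so the file runs outside WordPress; the stub only models prepare()'s %s/%d handling.

```php
<?php
// Added example: hardened forms of the line 9 SELECT and line 26 UPDATE from
// dukapress/download.php. WpdbStub is a stand-in for WordPress's $wpdb
// (assumption, not WordPress code) that only mimics prepare() and query().
final class WpdbStub
{
    public array $sent = [];   // SQL that would have been sent to MySQL

    // Mimics wpdb::prepare(): %d casts to int, %s is escaped and single-quoted.
    public function prepare(string $query, ...$args): string
    {
        $i = 0;
        return preg_replace_callback('/%[sd]/', function ($m) use ($args, &$i) {
            $arg = $args[$i++];
            return $m[0] === '%d'
                ? (string) (int) $arg
                : "'" . addcslashes((string) $arg, "\\'\"") . "'";
        }, $query);
    }

    public function query(string $sql): int { $this->sent[] = $sql; return 1; }
}

// Hardened form of the advisory's line 9: the request value becomes a %s
// placeholder; the table name stays plugin-controlled, as in the original.
function dp_select_sql(WpdbStub $wpdb, string $table_name2, string $id): string
{
    return $wpdb->prepare(
        "SELECT saved_name, real_name, count, "
        . "TIMESTAMPDIFF(SECOND, sent_time, NOW()) AS time_diff "
        . "FROM `{$table_name2}` WHERE saved_name = %s",
        $id
    );
}

// Hardened form of the advisory's line 26: count bound as %d, id as %s.
function dp_update_count(WpdbStub $wpdb, string $table_name2, int $download_count, string $id): string
{
    $sql = $wpdb->prepare(
        "UPDATE `{$table_name2}` SET count = %d WHERE saved_name = %s",
        $download_count, $id
    );
    $wpdb->query($sql);
    return $sql;
}

// Constructed request value with an embedded quote; it stays inside the literal.
$id = (string) ($_GET['id'] ?? "o'reilly.pdf");
echo dp_select_sql($wpdb = new WpdbStub(), 'wp_dp_downloads', $id), PHP_EOL;
echo dp_update_count($wpdb, 'wp_dp_downloads', 3, $id), PHP_EOL;
```

Inside WordPress the stub is dropped and the real global $wpdb is passed in; the two functions need no other change.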
