Thursday, January 31, 2008 2:52 PM
cmosby
WordPress WassUp Plugin "to_date" SQL Injection Vulnerability - Advisories - Secunia
WordPress WassUp Plugin "to_date" SQL Injection Vulnerability
Secunia Advisory:
SA28702
Release Date:
2008-01-31
Critical:
Moderately critical
Impact:
Manipulation of data
Exposure of sensitive information
Where:
From remote
Solution Status:
Vendor Patch
Software:
WassUp 1.x (plugin for WordPress)
Description:
enter_the_dragon has reported a vulnerability in the WassUp plugin for WordPress, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "to_date" parameter in spy.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation allows e.g. retrieving usernames and password hashes for users and administrators, but requires knowledge of the database table prefix.
The vulnerability is reported in version 1.4 to 1.4.3. Other versions may also be affected.
Solution:
Update to version 1.4.3a.
http://wordpress.org/extend/plugins/wassup/
Provided and/or discovered by:
enter_the_dragon
Original Advisory:
WassUp:
http://www.wpwp.org/archives/warning-security-bug-in-version/
milw0rm:
http://milw0rm.com/exploits/5017