8 Jun 2017

Vulnerability Details: SQL Injection Vulnerability in Save Contact Form 7

From time to time vulnerabilities are fixed in a plugin without anyone putting out a report on the vulnerability, and in those cases we will put out a post detailing it. While putting out the details of a vulnerability increases the chances of it being exploited, it also can help to identify vulnerabilities that haven’t been fully fixed (in some cases not fixed at all) and help to identify additional vulnerabilities in the plugin.


[Read more]

24 May 2017

False Vulnerability Report: SQL Injection Vulnerability in Featured Image Resize

As part of our cataloging the vulnerabilities in WordPress plugins for our service we come across false reports of vulnerabilities from time to time. So that others don’t spend their time looking over these as well, we post our findings on them. The data on these false reports is also included in our service’s data.

Earlier today a thread was started on the WordPress Support Forum claiming that the plugin Featured Image Resize contained a SQL injection vulnerability. Between us being notified of the thread and when we went to check over things, half the message was removed. It isn’t clear if it was removed by the poster or silently removed by a forum moderator (they do some strange stuff along those lines); whichever it was, it causes a problem, as what was removed makes it easy to see that the vulnerability doesn’t exist. [Read more]

3 Oct 2016

SQL Injection Vulnerability in Party Hall Booking Manager

One of the things we do to make sure we are providing our customers with the best data on the vulnerabilities that exist and are being exploited in WordPress plugins is to monitor our websites for hacking attempts. Through that we have found quite a few vulnerabilities that exist in the current versions of plugins that it looks like hackers have already started exploiting. In the most recent case, though, we are still not quite sure what the hacker was targeting. Recently we found a hacker probing for usage of the plugin Party Hall Booking Manager, along with five other plugins at the same time. As we started looking over the plugins, one connection we found was that they all contained code that looked susceptible to SQL injection. That type of vulnerability is not one we often see targeted by hackers, so it is possible there is an additional issue with the plugin.

In a number of places in the code, user input is included in SQL queries without sanitization being done or a parametrized query being used. Below is one of those that we confirmed is exploitable. [Read more]

3 Oct 2016

SQL Injection Vulnerability in bbPress Like Button

One of the things we do to make sure we are providing our customers with the best data on the vulnerabilities that exist and are being exploited in WordPress plugins is to monitor our websites for hacking attempts. Through that we have found quite a few vulnerabilities that exist in the current versions of plugins that it looks like hackers have already started exploiting. In the most recent case, though, we are still not quite sure what the hacker was targeting. Recently we found a hacker probing for usage of the plugin bbPress Like Button, along with five other plugins at the same time. As we started looking over the plugins, one connection we found was that they all contained code that looked susceptible to SQL injection. That type of vulnerability is not one we often see targeted by hackers, so it is possible there is an additional issue with the plugin.

The vulnerable code can be found in the file /json_logs.php, where the extract() function is used to set variables from POST inputs and then those are used in a SQL query without any sanitization or the query being parametrized: [Read more]