WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

wordpress_daily_edition_3

 

 

WordPress Daily Edition Theme v1.6.2 SQL Injection Security Vulnerabilities

 

Exploit Title: WordPress Daily Edition Theme v1.6.2 /fiche-disque.php id Parameters SQL Injection Security Vulnerabilities

Product: WordPress Daily Edition Theme

Vendor: WooThemes

Vulnerable Versions: v1.6.2

Tested Version: v1.6.2

Advisory Publication: Mar 07, 2015

Latest Update: Mar 07, 2015

Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]

CVE Reference: *

Impact CVSS Severity (version 2.0):

CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)

Impact Subscore: 6.4

Exploitability Subscore: 10.0

Credit: Wang Jing [Mathematics, Nanyang Technological University (NTU), Singapore]

 

 

 

Advisory Details:

(1) Vendor & Product Description:

Vendor:

WooThemes

 

Product & Version:

WordPress Daily Edition Theme

v1.6.2

 

Vendor URL & Download:

WordPress Daily Edition Theme can be got from here,

http://www.woothemes.com/products/daily-edition/

 

Product Introduction:

“Daily Edition WordPress Theme developed by wootheme team and Daily Edition is a clean, spacious newspaper/magazine theme designed by Liam McKay. With loads of home page modules to enable/disable and a unique java script-based featured scroller and video player the theme oozes sophistication"

“The Daily Edition theme offers users many options, controlled from the widgets area and the theme options page – it makes both the themes appearance and functions flexible. From The Daily Edition 3 option pages you can for example add your Twitter and Google analytics code, some custom CSS and footer content – and in the widgets area you find a practical ads management."

“Unique Features

These are some of the more unique features that you will find within the theme:

A neat javascript home page featured slider, with thumbnail previews of previous/next slides on hover over the dots.

A “talking points” home page that can display posts according to tags, in order of most commented to least commented. A great way to highlight posts gathering dust in the archives.

A customizable home page layout with options to specify how many full width blog posts and how many “box” posts you would like to display.

A javascript home page video player with thumbnail hover effect.

16 delicious colour schemes to choose from!"

 

 

(2) Vulnerability Details:

WordPress Daily Edition Theme web application has a  security bug problem. It can be exploited by SQL Injection attacks. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

(2.1) The code flaw occurs at “fiche-disque.php?" page with “&id" parameter.

 

 

 

 

References:

http://www.tetraph.com/security/sql-injection-vulnerability/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

http://securityrelated.blogspot.com/2015/03/wordpress-daily-edition-theme-v162-sql.html

http://www.inzeed.com/kaleidoscope/computer-web-security/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

http://diebiyi.com/articles/%E5%AE%89%E5%85%A8/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

https://itswift.wordpress.com/2015/03/07/wordpress-daily-edition-theme-v1-6-2-sql-injection-security-vulnerabilities/

http://seclists.org/fulldisclosure/2015/Mar/27

http://packetstormsecurity.com/files/130075/SmartCMS-2-SQL-Injection.html

 

 

 

Leave a comment

你的電子郵件位址並不會被公開。 必要欄位標記為 *

你可以使用這些 HTML 標籤與屬性: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>