The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied data in the total_service parameter of the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), prior to using it in a dynamically constructed SQL query. As a result, unauthenticated attackers can conduct an SQL injection attack to dump sensitive data from the backend database such as usernames and password hashes. This Metasploit module uses this vulnerability to dump the list of WordPress users and their associated email addresses and password hashes for cracking offline.
29ecfa5e38864b30d4aa9450311eb83d8df5628e2fbd5acbfcbc4a942cf3b816
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed