Leaflet Wikitude SQL injection

  • Resolved zerpex

    (@zerpex)


    13 years, 3 months ago

    Hello,

    I just want to inform you guys, that Leaflet-wikitude.php is open for any kind of SQL injection, maybe it would be nice to fix 🙂

    the above get request have been seen on multiple blogs running this plugin, what it does, is to select the user_activation_key from the wp_users table, why is this useful?

    You see, people can request a password reset, this will add this user_activation_key to the database, if people can inject the site, to get access to this activation key, it will be possible to get into a WP site, and do weird stuff.

    So please, take a look at the leaflet-wikitude file, and protect it against SQL injection. This is a serious security issue.

    http://ww.wp.xz.cn/extend/plugins/leaflet-maps-marker/

Viewing 7 replies - 1 through 7 (of 7 total)
  • Plugin Author Robert Seyfriedsberger

    (@harmr)

    13 years, 3 months ago

    Hi,
    This was a known issue (although I couldnt reproduce this on my server) and is already fixed with v3.5 – please update your installations…
    Thanks anyway for reporting!
    Regards,
    Robert

    Thread Starter zerpex

    (@zerpex)

    13 years, 3 months ago

    Where can I check the version if I don’t have admin access (only shell), what I see in the readme.txt is:

    Contributors: harmr
    Plugin Name: Leaflet Maps Marker
    Plugin URI: http://www.mapsmarker.com
    Tags: Google Maps, OpenStreetMap, OSM, bing maps, googlemaps, google earth, map, maps, kml, travel, location, augmented-reality
    Author URI: http://www.harm.co.at
    Author: Robert Harm
    Donate link: http://www.mapsmarker.com/donations
    Requires at least: 3.0
    Tested up to: 3.6-alpha-23288
    Stable tag: 3.5
    License: GPLv2

    The above, the Stable tag: 3.5 is one of the sites that got hacked, during SQL injection.

    Best regards,
    Lucas R

    Plugin Author Robert Seyfriedsberger

    (@harmr)

    13 years, 3 months ago

    To forum administrators: please edit the first post from this thread removing the info on how this – already fixed with v3.5 – security issue can be exploited. As many users dont upgrade that quickly, I think that this might be better for security overall.

    Thanks!

    Thread Starter zerpex

    (@zerpex)

    13 years, 3 months ago

    Hi Robert,

    I removed the example, sorry

    Best regards,
    Lucas R

    Plugin Author Robert Seyfriedsberger

    (@harmr)

    13 years, 3 months ago

    Hi Luca,
    You already have v3.5 installed where this issue is fixed – the Kind of attackiert you described is not possible with this version anymore as I make a string replacement off all Charakters for layer or marker Parameter now
    Best,
    Robert

    Thread Starter zerpex

    (@zerpex)

    13 years, 3 months ago

    Okay, thanks.

    Let’s hope this is fixed! 😀 Because I know a lot of people use the plugin (It’s a awesome plugin btw), so high security is important IMO

    Plugin Author Robert Seyfriedsberger

    (@harmr)

    13 years, 3 months ago

    Security is an important issue for me. The plugin has been audited in the past already, but as I see security as a process, I will always try to improve it…
    best,
    Robert

Viewing 7 replies - 1 through 7 (of 7 total)

The topic ‘Leaflet Wikitude SQL injection’ is closed to new replies.