VDB-ID: 152
Title: Blind SQL Injection in wordpress plugin dukapress v2.5.9
Vulnerability Date: 2015-08-04
Download: http://wordpress.org/plugins/dukapress/
Vendor: dukapress.org
Notified: 2015-08-07
Vendor Contact: https://twitter.com/moshthepitt
Description: DukaPress is open source software that can be used to build online shops quickly and easily. DukaPress is built on top of WordPress, a world class content management system. DukaPress is built to be both simple and elegant yet powerful and scalable.
Vulnerability: The code in dukapress/download.php does not sanitize user input before passing via $_GET['id'] to query() allowing SQL to be injected.  The user is not required to be logged into wordpress in order to exploit this vulnerability.


9:$sql = "SELECT saved_name, real_name, count, TIMESTAMPDIFF(SECOND,sent_time,NOW()) as time_diff FROM `{$table_name2}` WHERE saved_name='{$_GET['id']}'";
.
.
.

26:    $wpdb->query("UPDATE {$table_name2} SET count={$download_count} WHERE saved_name='{$_GET['id']}'");

CVE-IDs: 2015-1000011
Exploit: 
URL: http://www.vapidlabs.com/advisory.php?v=152
Credit: Larry W. Cashdollar, @_larry0