1

I'm testing a WordPress site with the Jetpack plugin installed. According to https://www.exploit-db.com/exploits/18126/, this plugin should be vulnerable to SQL injection (found with sqlmap), but when running the last updated version of the tool against the target, it says that parameters "id" and "1" are not injectable, but Exploit-DB says otherwise... The level and risk switches are on maximum values... Any ideas?

Belial
  • One thing to note is that EDB did not confirm that it is legitimate, so it may well be a false positive. The X there means they didn't confirm it. If you see a checkmark there, EDB confirmed it is legitimate. – h4ckNinja May 07 '16 at 20:24
  • I completely ignored the verified status. Sorry. – Belial May 08 '16 at 14:18

1 Answer

1

Several things to keep in mind:

  • The exploit has not been confirmed at exploit-db.com, as stated by Michael in the comments.
  • The server could be running a WAF that returns 200 OK headers to confuse SQLMap.
  • The server could be running something that filters out "bad" characters in POST/GET requests, which in turn voids the exploit.

Try executing the exploit manually or with a tool such as Postman in Google Chrome. That way you have a better view of what the server is returning.

Technidev
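The answer's advice to look at what the server actually returns can be done by comparing saved responses offline. The following is an added example, not part of the original answer: the response records are constructed, and the function names and the 0.9 similarity threshold are assumptions chosen for illustration.

```python
from difflib import SequenceMatcher

def similarity(a, b):
    """Ratio in [0, 1] of how alike two response bodies are."""
    return SequenceMatcher(None, a, b).ratio()

def triage(baseline, probes, threshold=0.9):
    """Classify how probe responses relate to the baseline response.

    baseline: {"status": int, "body": str} for an unmodified request.
    probes:   list of the same records for requests with altered parameters.
    """
    if len(probes) < 2:
        raise ValueError("need at least two probe responses to compare")
    # An error status means the rejection is visible in the headers.
    if any(p["status"] != 200 for p in probes):
        return "explicit-rejection"
    # Every probe looks like the baseline: the altered input never had an
    # effect, consistent with characters being stripped before the query.
    if all(similarity(baseline["body"], p["body"]) >= threshold for p in probes):
        return "input-ignored-or-filtered"
    # Probes differ from the baseline but match each other: one generic
    # page served with 200 OK, as a WAF block page would be.
    first = probes[0]["body"]
    if all(similarity(first, p["body"]) >= threshold for p in probes[1:]):
        return "uniform-200-block-page"
    return "responses-vary"

# Constructed sample records (not captured from any real site).
BASELINE = {"status": 200,
            "body": "<html><h1>Post 1</h1><p>Hello world, this is the first post.</p></html>"}
WAF_PROBES = [
    {"status": 200, "body": "<html><h1>Request blocked</h1><p>Reference ID 1001</p></html>"},
    {"status": 200, "body": "<html><h1>Request blocked</h1><p>Reference ID 1002</p></html>"},
]
FILTERED_PROBES = [dict(BASELINE), dict(BASELINE)]
VARYING_PROBES = [
    {"status": 200, "body": "<html><p>No posts found.</p></html>"},
    {"status": 200, "body": BASELINE["body"] + "<p>Also: second post text here.</p>"},
]

if __name__ == "__main__":
    for name, probes in [("waf", WAF_PROBES), ("filtered", FILTERED_PROBES),
                         ("varying", VARYING_PROBES)]:
        print(name, "->", triage(BASELINE, probes))
```

A "uniform-200-block-page" or "input-ignored-or-filtered" result matches the second and third points in the answer: the scanner sees 200 OK either way, so its "not injectable" verdict reflects the filtering layer rather than the plugin.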