The key was really a hashed version of the plugin’s installation timestamp, according to Montpas, and to determine it, all an attacker would have to do is go to a site that caches information about when sites were started, like the Internet Archive. This narrows values down considerably and once an attacker has secured the key, they could pair it with timestamps coming from the plugin—easily obtainable, they’re included on the vulnerable site’s homepage—and perform a blind SQL injection.Once a hacker knows the key they can take it attach a payload and MD5 it to pass the site’s validity check and extract data from its database.
WordPress Sites Vulnerable to Plugin-Related SQL Attacks | Threatpost | The first stop for security news
Indiĝenaj Inteligenteco 