A blind SQL injection vulnerability has been detected in the commercial WordPress Facebook Survey Pro plugin. The vulnerability allows a remote attacker or a local low-privileged user account to execute SQL commands on the affected application's DBMS. The blind SQL injection vulnerability is located in the index.php file (timeline module) and is bound to the vulnerable id parameter. Successful exploitation of the vulnerability results in DBMS and application compromise. Exploitation requires no user interaction and no privileged application user account.
The SQL injection vulnerability can be exploited by remote attackers without a privileged application user account and without required user interaction. For demonstration or reproduce ...
PoC:
http://[SERVER]/[WORDPRESS]/wp-content/plugins/plugin-dir/timeline/index.php?id=1'-1 union select 1,2,3,4,5[SQL-Injection]--
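Added example (not part of the original advisory or the plugin's code): a check that can be run over web-server access logs to find requests to the timeline module whose id parameter is not a plain integer. The combined log format, the assumption that legitimate id values are decimal integers, and the sample log lines are assumptions made for this example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path suffix taken from the advisory's PoC; the plugin directory name varies.
TARGET_SUFFIX = "/timeline/index.php"
# Request field of a combined-format access log line (assumed log format).
# The URI group tolerates raw spaces in case the client did not encode them.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<uri>.+?) HTTP/[\d.]+"')
# Assumption: a legitimate id is a short decimal integer.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_id_requests(lines):
    """Return (client ip, decoded id) for timeline requests with a non-integer id."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("uri"))
        if not url.path.lower().endswith(TARGET_SUFFIX):
            continue
        # parse_qs percent-decodes values, so encoded quotes and spaces are seen too.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not VALID_ID_RE.fullmatch(value):
                findings.append((m.group("ip"), value))
    return findings


# Constructed sample log lines (documentation IP ranges), not from a real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Nov/2012:10:00:01 +0000] "GET /wp-content/plugins/plugin-dir/timeline/index.php?id=7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [18/Nov/2012:10:00:05 +0000] "GET /wp-content/plugins/plugin-dir/timeline/index.php?id=1%27-1%20union%20select%201,2,3,4,5-- HTTP/1.1" 200 498 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [18/Nov/2012:10:00:09 +0000] "GET /wp-content/plugins/other/index.php?id=abc HTTP/1.1" 200 100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in suspicious_id_requests(SAMPLE_LOG):
        print(f"{ip}\tid={value!r}")
```

Any hit is a lead for review, since the check only tests the shape of the id value and does not confirm that a query was altered.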
Disclosure Timeline:
2012-11-18: Public Disclosure