[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WordPress Plugin myLDlinker SQL Injection Vulnerability
# Published : 2010-07-22
# Author : H-SK33PY
# Previous Title : PHPBB MOD [2.0.19] Invitation Only (PassCode Bypass vulnerability)
# Next Title : phpBazar admin Information Disclosure Vulnerability
010101010101010101010101010101010101010101010101010101010
0 0
1 Iranian Datacoders Security Team 2010
0 0
010101010101010101010101010101010101010101010101010101010
# Exploit Title: Word Press SQL Injection ( in myLDlinker.php Plugin )
# Date: 23/07/2010
# Author: H-SK33PY
# Software Link: http://www.wordpress.com/
# Version: 2.9.2
# Google dork :inurl:"myLDlinker.php"
# Platform / Tested on: linux
# Category: Expliot code
# Code : [SQLi]
#BUG:#########################################################################
After find plugin at sites run SQL Inject :
example : http://site.com/myLDlinker.php?url=18[SQLi]
#############################################################################
Website : http://www.datacoders.ir
Special Thanks to : ccC0d3rZzz & AGT & all iranian datacoders members
#############################################################################