WordPress NextGEN Smooth Gallery Blind SQL Injection Vulnera
Posted on 03 August 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>WordPress NextGEN Smooth Gallery Blind SQL Injection Vulnerability</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>================================================================== WordPress NextGEN Smooth Gallery Blind SQL Injection Vulnerability ================================================================== ############################################################################################################# ## WordPress NextGEN Smooth Gallery BLIND SQL injection ## ## Author : kaMtiEz (kamzcrew@yahoo.com) ## ## Homepage : http://www.indonesiancoder.com ## ## Date : 03 August, 2010 ## ############################################################################################################# [ Software Information ] [+] Vendor : http://uninuni.com/ [+] Download : http://downloads.wordpress.org/plugin/nextgen-smooth-gallery.1.2.zip [+] version : 1.2 or lower maybe also affected [+] Vulnerability : BLIND SQL [+] Dork : "CiHuY" [+] LOCATION : INDONESIA - JOGJA ############################################################################################################# [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=[VALID ID][BLIND-SQL] [ DEMO ] http://dc.streetsblog.org/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=31[BLIND-SQL] http://www.tetonat.com/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=34[BLIND-SQL] http://pittsburghsfavoritearchitecture.com/dp2009/wp-content/plugins/nextgen-smooth-gallery/nggSmoothFrame.php?galleryID=2[BLIND-SQL] [ FIX ] dunno :"> ############################################################################################################# [ Thx TO ] [+] INDONESIAN CODER TEAM MainHack MAGELANG CYBER ServerIsDown SurabayaHackerLink IndonesianHacker MC-CREW IH-CREW [+] tukulesto,M3NW5,arianom,N4CK0,Jundab,d0ntcry,bobyhikaru,gonzhack,senot,Jack-,Hakz,pl4nkt0n [+] Contrex,YadoY666,bumble_be,MarahMeraH,newbie_043,Pathloader,cimpli,MarahMerah.IBL13Z,r3m1ck [+] Coracore,Gh4mb4s,Jack-,vYcOd,ayy,otong,CS-31,yur4kh4,MISTERFRIBO,GENI212,anharku,isarock [ NOTE ] [+] WE ARE ONE UNITY, WE ARE A CODER FAMILY, AND WE ARE INDONESIAN CODER TEAM [+] Menyambut kemerdekaan INDONESIA .. MERDEKA !! [+] Selamat Menyambut datangnya bulan ramadhan :D [+] sendiri di malam hari sambil merokok menikmati indahnya pagi ;) [ QUOTE ] [+] INDONESIANCODER still r0x [+] nothing secure .. # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-03]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
