WordPress Plugin Ocim MP3 – SQL Injection

  • Author: xevil & Blankon33
    Date: 2016-02-26
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/39498/
  • ========
    Ocim MP3 Plugin SQL Injection Vulnerability
    ========
    
    :----------------------------------------------------------------------------------------------------:
    : # Exploit Title : Ocim MP3 Plugin SQL Injection Vulnerability
    : # Date : 26 February 2016
    : # Author : xevil and Blankon33
    : # Vendor Site: http://www.ocimscripts.com/
    : # Version:
    : # Vulnerability : SQL Injection
    : # Tested on : WordPress 4.4.2
    : # Severity : High
    :----------------------------------------------------------------------------------------------------:
    
    Summary
    ========
    Ocim MP3 is a plugin for building an MP3 grabber site on WordPress.
    
    Proof of Concept
    ========
    Vulnerable URL:
    http://[Site]/[Path]/wp-content/plugins/ocim-mp3/source/pages.php?id=['SQLi]
    
    
    Admin Panel:
    http://[Site]/[Path]/oc-login.php
    
    ===========
    Thanks to
    ===========
    All Indonesian Hacker!!!
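
A detection check for the request pattern in the proof of concept, added here as an example (not part of the original advisory or the plugin's code): it scans web-server access logs in Combined Log Format for requests to `pages.php` whose `id` value is not a plain integer. The log lines are constructed, and treating `id` as integer-only is an assumption, since the advisory does not show the plugin's source.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Path and parameter name taken from the advisory's proof of concept.
PLUGIN_PATH = "/wp-content/plugins/ocim-mp3/source/pages.php"
PARAM = "id"

# Combined Log Format: client, ident, user, [time], "METHOD target PROTO", status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumption: a legitimate `id` is a short ASCII decimal integer.
INTEGER_RE = re.compile(r"[0-9]{1,10}")

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Feb/2016:10:00:01 +0000] "GET /wp-content/plugins/ocim-mp3/source/pages.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Feb/2016:10:00:07 +0000] "GET /blog/wp-content/plugins/ocim-mp3/source/pages.php?id=12%27 HTTP/1.1" 500 310',
    '203.0.113.9 - - [26/Feb/2016:10:00:09 +0000] "GET /index.php?id=12%27 HTTP/1.1" 200 900',
    '198.51.100.4 - - [26/Feb/2016:10:01:00 +0000] "GET /wp-content/plugins/ocim-mp3/source/pages.php?id=abc HTTP/1.1" 200 5000',
]

def suspicious_requests(log_lines):
    """Return (client, status, raw_target) for each request to the plugin
    page whose `id` value is not a plain decimal integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable Combined Log Format line
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        # endswith() also covers WordPress installed in a subdirectory ([Path]).
        if not unquote(parts.path).lower().endswith(PLUGIN_PATH):
            continue
        # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
        values = parse_qs(parts.query, keep_blank_values=True).get(PARAM, [])
        if any(not INTEGER_RE.fullmatch(v) for v in values):
            hits.append((client, int(status), target))
    return hits

if __name__ == "__main__":
    for client, status, target in suspicious_requests(SAMPLE_LOG):
        print(f"{client} status={status} {target}")
```

A 5xx status on a flagged request, as in the second sample line, is worth triaging first because it can indicate a database error reaching the response.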