WordPress Theme Photocrati 4.x – SQL Injection / Cross-Site Scripting

  • Author: ayastar
    Date: 2015-03-03
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/36242/
  • # Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]
    # Google Dork: [ Designed by Photocrati ] also [powered by Photocrati]
    # Date: [23 / 09 / 2011 ]
    # Exploit Author: [ ayastar ]
    # Email : dmx-ayastar@hotmail.fr
    # Software Link: [ http://www.photocrati.com ]
    # Version: [4.X.X]
    # Tested on: [ windows 7 ]
    
    
    --------
    details |
    =======================================================
    Software : photocrati
    version : 4.X.X
    Risk : High
    remote : yes
    
    An attacker can perform a remote SQL injection through the site URL to obtain sensitive information.
    Almost all versions are affected by this vulnerability.
    =======================================================
    Exploit code :
    http://sitewordpress/wp-content/themes/[photocrati-Path-theme]/ecomm-sizes.php?prod_id=[SQL]
    
    greetz to all muslims and all tryag members
    :) from morocco
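
For site owners checking exposure, the following added example (not part of the original advisory or the theme's code) scans web access logs for requests to `ecomm-sizes.php` whose `prod_id` is not a plain integer. It assumes combined-format logs and that legitimate `prod_id` values are decimal integers; the log lines and the theme directory name `photocrati-theme` are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# The script named in the advisory, under any theme directory name.
TARGET_RE = re.compile(r"/wp-content/themes/[^/]+/ecomm-sizes\.php$", re.I)
# Assumption: a legitimate prod_id is a plain decimal integer.
INTEGER_RE = re.compile(r"[0-9]+")

# Constructed sample log lines (documentation IP ranges, made-up theme directory).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Mar/2015:10:00:01 +0000] "GET /wp-content/themes/photocrati-theme/ecomm-sizes.php?prod_id=12 HTTP/1.1" 200 512',
    '203.0.113.7 - - [03/Mar/2015:10:00:05 +0000] "GET /wp-content/themes/photocrati-theme/ecomm-sizes.php?prod_id=12%27 HTTP/1.1" 200 0',
    '203.0.113.7 - - [03/Mar/2015:10:00:09 +0000] "GET /wp-content/themes/photocrati-theme/ecomm-sizes.php?prod_id=12%2520or%25201 HTTP/1.1" 200 0',
    '192.0.2.11 - - [03/Mar/2015:10:01:00 +0000] "GET /wp-content/themes/photocrati-theme/style.css?prod_id=x HTTP/1.1" 200 900',
]


def suspicious_prod_ids(log_line):
    """Return decoded prod_id values in one log line that are not plain integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not TARGET_RE.search(unquote(url.path)):
        return []
    # keep_blank_values: an empty prod_id is reported as well.
    values = parse_qs(url.query, keep_blank_values=True).get("prod_id", [])
    # parse_qs decodes once; unquote again to expose double-encoded input.
    decoded = [unquote(v) for v in values]
    return [v for v in decoded if not INTEGER_RE.fullmatch(v)]


def scan(lines):
    """Return (line_number, flagged_values) for every line with a non-integer prod_id."""
    hits = []
    for number, line in enumerate(lines, start=1):
        flagged = suspicious_prod_ids(line)
        if flagged:
            hits.append((number, flagged))
    return hits


if __name__ == "__main__":
    for number, flagged in scan(SAMPLE_LOG):
        print(f"line {number}: non-integer prod_id {flagged!r}")
```

A hit means the parameter was probed, not that data was read; the same integer-only check applied server-side before the value reaches any query is the corresponding mitigation.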