WordPress Plugin myLDlinker - SQL Injection

EDB-ID:

14441


Author:

H-SK33PY

Type:

webapps


Platform:

PHP

Date:

2010-07-22


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

   010101010101010101010101010101010101010101010101010101010    
   0                                                       0
   1  Iranian Datacoders Security Team 2010
   0                                                       0
   010101010101010101010101010101010101010101010101010101010


# Exploit Title: Word Press SQL Injection ( in myLDlinker.php Plugin )                   
# Date: 23/07/2010                             
# Author: H-SK33PY                      
# Software Link: http://www.wordpress.com/
# Version: 2.9.2
# Google dork :inurl:"myLDlinker.php"
# Platform / Tested on: linux
# Category: Expliot code
# Code : [SQLi]

#BUG:#########################################################################

After find plugin at sites run SQL Inject :


example : http://site.com/myLDlinker.php?url=18[SQLi]


#############################################################################
Website : http://www.datacoders.ir

Special Thanks to : ccC0d3rZzz & AGT & all iranian datacoders members

#############################################################################