WordPress ArribaLaEsteban SQL Injection

2012-11-19 / 2012-11-20

Credit: Ashiyane Digital Security Team

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Dork: inurl:/estadisticas/fichajugador.php

# Exploit Title:Wordpress ((|))
# ArribaLaEsteban theme SQL Injection Vulnerability ((|))
# Google Dork: inurl:/estadisticas/fichajugador.php #
# Exploit Author: Ashiyane Digital Security Team #
# Category: Web Application #
# Tested on: Windows 7 #
#* Location: http://site.com/wp-content/plugins/wp-content #
#* /ArribaLaEsteban/estadisticas/fichajugador.php?j=[SQLi] #
#* Demo: http://www.baloncestoconp.es/wp-content/themes/ #
#* ArribaLaEsteban/estadisticas/ #
#* fichajugador.php?j=13&e=109&c=8%27 #
#* Greetz to: * My lord ALLAH * #
#* Sp Tnx To: Muslims From All Over The World #
#* Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,,ERroR #
#* 0x21HATE,A.S.P.I.R.I.N,am118,Angel--D3m0n,angola,AR455,Azad #
#* Black-Hole,Classic,Encoder,HASSAN20,HidDeEn,hossein19123 #
#* jooooondost,Kaz3m,ll_Invisible_ll,majidflash,megacpu #
#* MehrdadLinux,Milad-Bushehr,MostafaBestMan,MR.SAMAN,Mute,N4H #
#* Pr0grammer,PrinceofHacking,Rizux,Rz04,S!YOU.T4r.6T,Sil3nt Di3#
#* The Smith,unique2world,Unline,V!T0N,X-HIDDEN-X ((|)) #
#* Crypt0,khatarnak,Milad22,MR.Vinci,Pirjo,V1R4N64R * ((|)) * #
#* And All Of My Friends -|- ((|)) -|-#
#* The Last One : My Self, Milwar /|\ ((|)) /|\#

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress ArribaLaEsteban SQL Injection

Dork: inurl:/estadisticas/fichajugador.php

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.