WordPress Level Four Storefront SQL Injection

2013-03-25T00:00:00
ID PACKETSTORM:120950
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-03-25T00:00:00

Description

                                        
                                            `######################################################  
# Exploit Title: wordpress plugin v3 level four storefront SQL injection Vulnerability   
#  
# Exploit Author: Ashiyane Digital Security Team  
#  
# Home : www.Ashiyane.org  
#  
# Vendor Homepage: www.clubhousenairn.co.uk  
#  
# Software Link: www.levelfourstorefront.com  
#  
# version:3  
#  
# Tested on: Windows 7  
#  
# Dork: inurl:"/wp-content/plugins/levelfourstorefront" & intext:Warning: mysql_query()  
#  
=================================  
#Location:site//wp-content/plugins/levelfourstorefront/getsortmanufacturers.php?id=[SQL]  
#  
#  
#DEm0:http://www.550arts.com/wp-content/plugins/levelfourstorefront/getsortmanufacturers.php?id=1  
#  
#Vulnerable code : in getsortmanufacturers.php   
#####################################  
======================================  
* Greetz to: My Lord Allah   
* Sp Tnx To:  
Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in,B4b4K KH4TaR,sil3nt and all  
Ashiyane Security [ Researcher Team AND Deface Team ]  
  
* The Last One : My Self, tr0janman  
*******  
##########################  
  
  
`