WordPress Mz-jajak plugin <= 2.1 - SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Mz-jajak plugin = 2.1 SQL Injection Vulnerability Date: 2012-08-10 Author: StRoNiX E-mail: [email protected] Software Link: http://downloads.wordpress.org/plugin/mz-jajak.zip Version: 2.1 tested --------------- PoC POST data...

WordPress Plugin Mz-jajak 2.1 - SQL Injection

Exploit Title: WordPress Mz-jajak plugin query"UPDATE " . $tablename . " SET ".$answert."=".$answert."+1 WHERE id=".$id; $rows = $wpdb-getresults"SELECT FROM " . $tablename . " WHERE id=".$id; Greetz: T0r3x, m1l05, JuMp-Er, EsC, UNICORN, Xermes, s4r4d0...