9 matches found
SuperStoreFinder 3.7 XSS / CSRF / Command Execution
.:. Exploit Title SuperStoreFinder - Multiple Vulnerabilities .:. Google Dorks .:. "designed and built by Joe Iz." "Super Store Finder is designed and built by Joe Iz from Highwarden Huntsman." inurl:/superstorefinder/index.php ....
SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections
The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=select&ssfwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=select&ssfwpid...
SuperStoreFinder & SuperInteractiveMaps - Unauthenticated SQL Injections
The ssf-social-action.php and sim-wp-data.php files from the respective superstorefinder-wp = 5.0.12 AND time-based blind query SLEEP Payload: action=selectwpid=1 AND SELECT 7900 FROM SELECTSLEEP5gxXh Type: UNION query Title: Generic UNION query NULL - 7 columns Payload: action=selectwpid=1 UNION...
WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection
<?php Title : SuperStoreFinder & SuperInteractiveMaps Wordpress Plugin SQL Injection Researcher : Eagle Eye Exploit Name : SSF & SIM SQL Injection Request type : POST Plugin Author : Joe lz Plugin Website : https://superstorefinder.net/ Version Affected : All version include latest 6.3 Date :...
WordPress SuperStoreFinder / SuperInteractiveMaps 6.3 SQL Injection Vulnerability
<?php Title : SuperStoreFinder & SuperInteractiveMaps Wordpress Plugin SQL Injection Researcher : Eagle Eye Exploit Name : SSF & SIM SQL Injection Request type : POST Plugin Author : Joe lz Plugin Website : https://superstorefinder.net/ Version Affected : All version include latest 6.3 Tested on :...
WordPress SuperStoreFinder Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system (CMS). A cross-site request forgery vulnerability exists in WordPress SuperStoreFinder. An attacke...
SuperStoreFinder Plugins - Unauthenticated Arbitrary File Upload
The SuperStoreFinder premium WordPress plugins did not properly check file uploads, depending on the plugin, only checking for the mime type and/or the first extension of the file name. An attacker could set the Content-Type header to "Content-Type: text/csv", as well as use a double extension to...
SuperStoreFinder Plugins - Unauthenticated Arbitrary File Upload
The SuperStoreFinder premium WordPress plugins did not properly check file uploads, depending on the plugin, only checking for the mime type and/or the first extension of the file name. An attacker could set the Content-Type header to "Content-Type: text/csv", as well as use a double extension to...
WordPress SuperStoreFinder 6.1 CSRF / Shell Upload
Exploit Title : SuperStoreFinder Wordpress Plugins CSRF File Upload Wordpress Plugins Affected : Super Store Finder | Super Interactive Maps | Super Logo Showcase Exploit Type : Cross Site Request Forgery Plugin URI: http://www.superstorefinder.net/ Version : All versions from 6.1 and below , sho...