WordPress Lead Octopus plugin versions prior to 1.1.1 suffer from a remote SQL injection vulnerability. Note that this finding houses site-specific data. NOTE: The author of this plugin has contacted Packet Storm and claims they have fixed this issue as of 2014/12/07. The fixed version is 1.1.1.
e229e4737c7358e8d3d774eb912c332444859671ff6cfb1f926797bc8f4fcf09##############
# Exploit Title : Wordpress Lead-Octopus-Power plugin SQL INJECTION
#
# Exploit Author : Ashiyane Digital Security Team
#
# vendor Home : http://wordpress.org/
#
# Home : www.Ashiyane.org
#
# Security Risk : HIgh
#
# Dork : inurl:wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=
#
##############
#Location : wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=[SQL]
#
#
#Dem0:
# http://www.smurfsvillagesecrets.com/wp-content/plugins/Lead-Octopus-Power/lib/optin/optin_page.php?id=2
##############
#Greetz to: My Lord ALLAH
##############
#
# Amirh03in
#
##############
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed