Bugtraq mailing list archives
Re: WordPress feed plugin Sql Injection
From: Henri Salo <henri () nerv fi>
Date: Mon, 8 Jul 2013 22:45:07 +0300
On Tue, Jul 02, 2013 at 12:01:15PM +0000, iedb.team () gmail com wrote:
> The WordPress feed plugin suffers from a Sql Injection vulnerability.
>
> #################################
> # Iranian Exploit DataBase
> # http://exploit.iedb.ir
> #################################
> # Exploit Title : WordPress feed plugin Sql Injection
> # Author : Iranian Exploit DataBase
> # Discovered By : IeDb
> # Email : IeDb.Team () Gmail com
> # Home : http://exploit.iedb.ir
> # Software Link : http://wordpress.org/
> # Security Risk : High
> # Tested on : Linux
> # Dork : inurl:wp-content/plugins/feed/
> #################################
> # Exploit :
> # http://www.Site.com/wp-content/plugins/feed/news_dt.php?nid=[Sql]
> # Dem0 :
> # http://easy2remind.com/newsworld/wp-content/plugins/feed/news_dt.php?nid=257[Sql]
> #################################
> #################################
> # Exploit Archive = http://exploit.iedb.ir/exploits-176.html
> #################################

Could you give us a proper software link, thanks. There is no such plugin in the WordPress plugin repository[1]. Is this a non-free plugin? Searching for inurl:"/wp-content/plugins/feed/news_dt.php" only finds the easy2remind.com website.

1: http://plugins.svn.wordpress.org/feed/

---
Henri Salo