WordPress FAdvertisement SQL Injection

WordPress Fadvertisement plugin suffers from a remote SQL injection vulnerability.


MD5 | a46772b9b6ec99257d3e05a6b84059f3

[+] Title: WordPress FAdvertisement Plugin Sql Injection Vulnerability
[+] Date: 2017/08/13
[+] Author: APA Golestan - GuCert
[+] Vendor Homepage: www.WordPress.org
[+] Tested on: Windows 10 & Kali Linux
[+] Vulnerable File: /Redirect.php
[+} Dork : inurl:/wp-content/plugins/FAdvertisement/Redirect.php?id=
### POC:

[+}
http://site/wp-content/plugins/FAdvertisement/Redirect.php?id=[SQL-Injection]

### Demo:

[+]
http://negaheghtesadi.ir/wp-content/plugins/FAdvertisement/Redirect.php?id=11
'

### Credit:
[+] Gucert.ir



================================
thank you for all packetstormsecurity admins d

Related Posts