Monday 25 May 2015

Blind SQL injection in WordPress (#DH)

Let's take a look at the new Yoast vulnerability in WordPress.
web hacking, WordPress hacking, SQL injection for WordPress.
The discovered flaw resides in the plugin's 'admin/class-bulk-editor-list-table.php' file, which only users with the WordPress Administrator, Editor or Author role are authorized to access.
Attack vector:
To exploit this, the attacker must get an authorized user to trigger the flaw. This can be achieved through social engineering, by tricking an authorized user into clicking a specially crafted URL carrying the payload.
The payload for the blind SQL injection vulnerability in 'WordPress SEO by Yoast' is as follows:
''
http://victim-wordpress-website.com/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc
''
Solution:
Version 1.7.4 of the WordPress SEO by Yoast plugin patches this.
If you are running WordPress 3.7 or later, you can enable fully automatic updating of your plugins and themes from the Manage > Plugins & Themes > Auto Updates tab.
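The root cause in the description above is a sort parameter (orderby/order) reaching an SQL ORDER BY clause unchecked. The following Python block is an added illustration, not the plugin's own PHP code: it parses the advisory's payload URL, shows the vulnerable concatenation beside an allowlist-based builder that only emits known column names and directions, runs the hardened clause against a constructed in-memory SQLite table, and flags the same request pattern in constructed access-log lines. The column allowlist and the log lines are assumptions made for the example.

```python
"""Allowlisted ORDER BY construction plus log-side detection for the
orderby/order injection pattern.  Illustration only; the Yoast plugin's real
fix lives in its own PHP code.  ALLOWED_ORDERBY and SAMPLE_LOG are constructed."""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Columns a bulk-editor style listing may legitimately sort by (assumed set).
ALLOWED_ORDERBY = {"post_title", "post_date", "post_status"}
ALLOWED_ORDER = {"asc", "desc"}

# The payload URL from the advisory, exactly as it would reach the server.
PAYLOAD_URL = ("http://victim-wordpress-website.com/wp-admin/admin.php"
               "?page=wpseo_bulk-editor&type=title&orderby=post_date%2c"
               "(select%20*%20from%20(select(sleep(10)))a)&order=asc")


def build_order_by_unsafe(orderby, order):
    """Vulnerable pattern: request values concatenated straight into SQL."""
    return f"ORDER BY {orderby} {order}"


def build_order_by_safe(orderby, order):
    """Hardened form: only allowlisted identifiers and directions are emitted;
    anything else falls back to a fixed default and never reaches the query."""
    column = orderby if orderby in ALLOWED_ORDERBY else "post_date"
    direction = order.lower() if order.lower() in ALLOWED_ORDER else "asc"
    return f"ORDER BY {column} {direction.upper()}"


def clauses_for(url):
    """Return (unsafe_clause, safe_clause) built from a request URL."""
    qs = parse_qs(urlsplit(url).query)
    orderby = qs.get("orderby", [""])[0]
    order = qs.get("order", [""])[0]
    return build_order_by_unsafe(orderby, order), build_order_by_safe(orderby, order)


def titles_sorted(url):
    """Execute the hardened clause against a constructed in-memory table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE posts (post_title TEXT, post_date TEXT)")
    conn.executemany("INSERT INTO posts VALUES (?, ?)",
                     [("Second", "2015-03-02"), ("First", "2015-03-01")])
    _, safe = clauses_for(url)
    rows = conn.execute(f"SELECT post_title FROM posts {safe}").fetchall()
    return [r[0] for r in rows]


# Detection side: a legitimate sort parameter is a bare identifier.  Function
# calls, subqueries or a comma inside it indicate injection attempts.
SORT_PARAMS = ("orderby", "order")
INJECTION_MARKERS = re.compile(r"(sleep\s*\(|benchmark\s*\(|\(\s*select\b)", re.I)
IDENT = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")
LOG_LINE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed access-log lines: one benign sort request, one carrying the payload.
SAMPLE_LOG = """\
203.0.113.5 - - [25/May/2015:10:01:02 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date&order=asc HTTP/1.1" 200 5120
203.0.113.9 - - [25/May/2015:10:01:10 +0000] "GET /wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc HTTP/1.1" 200 5120
"""


def suspicious_request(request_target):
    """List reasons a request target's sort parameters look injected."""
    qs = parse_qs(urlsplit(request_target).query)
    reasons = []
    for name in SORT_PARAMS:
        for value in qs.get(name, []):
            if INJECTION_MARKERS.search(value):
                reasons.append(f"{name}: SQL function or subquery in sort parameter")
            elif not IDENT.match(value):
                reasons.append(f"{name}: value is not a bare identifier")
    return reasons


def flagged_sources(log_text):
    """Return the client addresses of log lines whose sort parameters are suspicious."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.search(line)
        if m and suspicious_request(m.group(1)):
            hits.append(line.split()[0])
    return hits


if __name__ == "__main__":
    unsafe, safe = clauses_for(PAYLOAD_URL)
    print("unsafe:", unsafe)
    print("safe:  ", safe)
    print("sorted:", titles_sorted(PAYLOAD_URL))
    print("flagged:", flagged_sources(SAMPLE_LOG))
```

The allowlist approach is the right fix for identifiers such as column names, because they cannot be bound as prepared-statement parameters; the detection half is a cheap first-pass filter for access logs and will not see POST bodies or requests that never reach the web server log.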
