Tag Archive for Worpress RLSWordPressSearch Eklentisi SQL injection Açığı

WordPress RLSWordPressSearch plugin SQL Injection

WordPress RLSWordPressSearch eklentisinde SQL injection açığı bulundu. SQL injectionun scriptteki oluşum yeri ve açık hakkında açık bulucunun bilgilendirmesi şu şekilde yer almaktadırdır.

##############
# Exploit Title : WordPress RLSWordPressSearch plugin SQL Injection
#
# Exploit Author : Ashiyane Digital Security Team
#
# Home : ww.ashiyane.org
#
# Security Risk : MEdium - SQL Injection
#
# Dork : inurl:wp-content/plugins/RLSWordPressSearch/register.php?a=
#
##############
#Location:site/wp-content/plugins/RLSWordPressSearch/register.php?a=[num]&agentid=[SQL]
#
#
##############
#Greetz to: My Lord ALLAH
##############
#
# Amirh03in
#
##############