WordPress Plugin Ocim MP3 - SQL Injection

Author: xevil & Blankon33
type: webapps
platform: php
port: 80.0
date_added: 2016-02-26 
date_updated: 2016-02-26 
verified: 1 
codes:  
tags: WordPress Plugin
aliases:  
screenshot_url:  
application_url: 

========
Ocim MP3 Plugin SQL Injection Vulnerability
========

:----------------------------------------------------------------------------------------------------:
: # Exploit Title : Ocim MP3 Plugin SQL Injection Vulnerability
: # Date : 26 February 2016
: # Author : xevil and Blankon33
: # Vendor Site: http://www.ocimscripts.com/
: # Version:
: # Vulnerability : SQL Injection
: # Tested on : Wordpress 4.4.2
: # Severity : High
:----------------------------------------------------------------------------------------------------:

Summary
========
Ocim MP3 is Plugin to make MP3 Grabber site based on Wordpress.

Proof of Concept
========
Infected URL:
http://[Site]/[Path]/wp-content/plugins/ocim-mp3/source/pages.php?id=['SQLi]


Admin Panel:
http://[Site]/[Path]/oc-login.php

===========
Thanks to
===========
All Indonesian Hacker!!!