On Tue, Jul 02, 2013 at 12:01:15PM +0000, iedb.team@xxxxxxxxx wrote: > The WordPress feed plugin suffers from a Sql Injection vulnerability. > > ################################# > > # Iranian Exploit DataBase > > # http://exploit.iedb.ir > > ################################# > > # Exploit Title : WordPress feed plugin Sql Injection > > # Author : Iranian Exploit DataBase > > # Discovered By : IeDb > > # Email : IeDb.Team@xxxxxxxxx > > # Home : http://exploit.iedb.ir > > # Software Link : http://wordpress.org/ > > # Security Risk : High > > # Tested on : Linux > > # Dork : inurl:wp-content/plugins/feed/ > > ################################# > > # Exploit : > > # http://www.Site.com/wp-content/plugins/feed/news_dt.php?nid=[Sql] > > # Dem0 : > > # http://easy2remind.com/newsworld/wp-content/plugins/feed/news_dt.php?nid=257[Sql] > > ################################# > > ################################# > > # Exploit Archive = http://exploit.iedb.ir/exploits-176.html > > ################################# Could you give us proper software link, thanks. There is no such plugin in WordPress plugin repository[1]. Is this non-free plugin? Searching for inurl:"/wp-content/plugins/feed/news_dt.php" only finds easy2remind.com website. 1: http://plugins.svn.wordpress.org/feed/ --- Henri Salo
Attachment:
signature.asc
Description: Digital signature
