
WordPress security threat [ Foca Gallery - plugin ]

Discussion in 'BlackHat Lounge' started by emptyzero, May 8, 2013.

  1. emptyzero

    Hello, there is an SQL injection vuln in the Foca Gallery plugin,

    Code:
    Exploitation : http://localhost/wp-content/plugins/fgallery/fim_rss.php?album={id} Injection Here
    I advise updating the plugin or uninstalling it temporarily until a fix is available.


    exploit source:
    Code:
    http://dz-l33ts.com/exploits.php?id=21
    emptyzero
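
For site owners checking whether the endpoint named in the post has been probed, here is a log check as an added example (not part of the original post and not the plugin's code). It flags requests to `fim_rss.php` whose `album` value is not a plain integer; the integer-only rule, the combined log format and the sample lines are assumptions.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Path is the one named in the post. Treating a legitimate album id as a
# plain decimal integer is an assumption based on the "{id}" placeholder.
TARGET_PATH = "/wp-content/plugins/fgallery/fim_rss.php"
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_requests(log_lines):
    """Return (client, status, decoded album value) for each request to the
    plugin's RSS endpoint whose album parameter is not a plain integer."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a combined-format access log line
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        if fully_decode(parts.path) != TARGET_PATH:
            continue
        # parse_qs decodes once and returns every repeated "album" value.
        for raw in parse_qs(parts.query, keep_blank_values=True).get("album", []):
            value = fully_decode(raw)
            if not NUMERIC_ID.fullmatch(value):
                hits.append((client, int(status), value))
    return hits


# Constructed sample lines in Apache/nginx combined log format.
SAMPLE_LOG = [
    '203.0.113.5 - - [08/May/2013:10:00:01 +0000] "GET /wp-content/plugins/fgallery/fim_rss.php?album=3 HTTP/1.1" 200 512 "-" "feed"',
    '198.51.100.7 - - [08/May/2013:10:01:10 +0000] "GET /wp-content/plugins/fgallery/fim_rss.php?album=3%27 HTTP/1.1" 500 90 "-" "-"',
    '198.51.100.7 - - [08/May/2013:10:01:12 +0000] "GET /wp-content/plugins/fgallery/fim_rss.php?album=3%2527 HTTP/1.1" 200 512 "-" "-"',
    '192.0.2.9 - - [08/May/2013:10:02:00 +0000] "GET /index.php?album=x HTTP/1.1" 200 100 "-" "-"',
    '192.0.2.44 - - [08/May/2013:10:03:00 +0000] "GET /wp-content/plugins/fgallery/fim_rss.php?album=2&album=abc HTTP/1.1" 200 512 "-" "-"',
]
```

Call `suspicious_requests()` on the lines of the web server's access log; hits with a 500 status or repeated hits from one client are the ones to review first.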