WordPress FAdvertisement Plugin - SQL Injection Vulnerability

WordPress FAdvertisement Plugin - SQL Injection Vulnerability
[+] Title: WordPress FAdvertisement Plugin Sql Injection Vulnerability
[+] Date: 2017/08/13
[+] Author: APA Golestan - GuCert
[+] Vendor Homepage: www.WordPress.org
[+] Tested on: Windows 10 & Kali Linux
[+] Vulnerable File: /Redirect.php
[+} Dork : inurl:/wp-content/plugins/FAdvertisement/Redirect.php?id=
### POC:

[+}
https://site/wp-content/plugins/FAdvertisement/Redirect.php?id=[SQL-Injection]

### Demo:

[+]
https://negaheghtesadi.ir/wp-content/plugins/FAdvertisement/Redirect.php?id=11
'

### Credit:
[+] Gucert.ir

Related Post