Wordpress Video Gallery

######################

# Exploit Title : WordPress Video Gallery 2.8 SQL Injection Vulnerabilitiy

# Exploit Author : Claudio Viviani

# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery

# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip

# Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense

# Date : 2015-04-04

# Tested on : Linux / Mozilla Firefox 

###################### 
 
# Description 
 
 Wordpress Video Gallery 2.8 suffers from SQL injection 
  
###################### 
 
# Vulnerability Disclosure Timeline: 
 
2015-04-04:  Discovered vulnerability 
2015-04-06:  Vendor Notification 
2015-04-07:  Vendor Response/Feedback  
2015-04-07:  Vendor Send Fix/Patch (same version number)  
2015-04-13:  Public Disclosure  
 
####################### 
 
Discovered By : Claudio Viviani 
                http://www.homelab.it 
                http://ffhd.homelab.it (Free Fuzzy Hashes Database) 
                 
                [email protected] 
                [email protected] 
 
                https://www.facebook.com/homelabit 
                https://twitter.com/homelabit 
                https://plus.google.com/+HomelabIt1/ 
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww 
 
#####################

Download Exploit: HERE