######################
# Exploit Title : WordPress Video Gallery 2.8 SQL Injection Vulnerabilitiy
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://www.apptha.com/category/extension/Wordpress/Video-Gallery
# Software Link : https://downloads.wordpress.org/plugin/contus-video-gallery.2.8.zip
# Dork Google: inurl:/wp-admin/admin-ajax.php?action=googleadsense
# Date : 2015-04-04
# Tested on : Linux / Mozilla Firefox
######################
# Description
Wordpress Video Gallery 2.8 suffers from SQL injection
######################
# Vulnerability Disclosure Timeline:
2015-04-04: Discovered vulnerability
2015-04-06: Vendor Notification
2015-04-07: Vendor Response/Feedback
2015-04-07: Vendor Send Fix/Patch (same version number)
2015-04-13: Public Disclosure
#######################
Discovered By : Claudio Viviani
http://www.homelab.it
http://ffhd.homelab.it (Free Fuzzy Hashes Database)
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################
Download Exploit: HERE