######################
# Exploit Title : WordPress Ajax Store Locator <= 1.2 SQL Injection Vulnerability
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356
# Software Link : Premium
# Dork Google: inurl:ajax-store-locator
# index of ajax-store-locator
# Date : 2015-03-29
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# Info:
The "sl_dal_searchlocation_cbf" ajax function is affected from SQL Injection vulnerability
"StoreLocation" var is not sanitized
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
http://ffhd.homelab.it (Free Fuzzy Hashes Database)
[email protected]
[email protected]
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################
Download Exploit: HERE