WordPress Ajax Store Locator

######################

# Exploit Title : WordPress Ajax Store Locator <= 1.2 SQL Injection Vulnerability

# Exploit Author : Claudio Viviani

# Vendor Homepage : http://codecanyon.net/item/ajax-store-locator-wordpress/5293356

# Software Link : Premium

# Dork Google: inurl:ajax-store-locator
#              index of ajax-store-locator 

# Date : 2015-03-29

# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox

######################

# Info:

 The "sl_dal_searchlocation_cbf" AJAX function is affected by an SQL injection vulnerability.
 
 The "StoreLocation" variable is not sanitized.

##################### 
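
One way to handle the "StoreLocation" value safely in a WordPress AJAX callback, as an added example (not the plugin's code, which is not shown on this page). The action name, nonce, table and columns are hypothetical, and reading the value from $_POST is an assumption.

```php
<?php
// Added illustration, not the plugin's code. Hypothetical names: the action
// 'example_search_location', the nonce action, the table and its columns.
// The field name "StoreLocation" is the one named in the advisory; reading
// it from $_POST is an assumption.

add_action( 'wp_ajax_example_search_location', 'example_search_location_cbf' );
add_action( 'wp_ajax_nopriv_example_search_location', 'example_search_location_cbf' );

function example_search_location_cbf() {
    global $wpdb;

    // Reject requests that do not carry the nonce issued with the search form.
    check_ajax_referer( 'example_search_location', 'nonce' );

    // WordPress adds slashes to superglobals; undo that before validating.
    $raw = isset( $_POST['StoreLocation'] ) ? wp_unslash( $_POST['StoreLocation'] ) : '';
    if ( ! is_string( $raw ) ) {
        wp_send_json_error( 'invalid StoreLocation', 400 );
    }
    $location = sanitize_text_field( $raw );
    if ( '' === $location || strlen( $location ) > 100 ) {
        wp_send_json_error( 'invalid StoreLocation', 400 );
    }

    // A typical unsafe pattern for an unsanitized value (assumed; the
    // plugin's actual query is not shown) concatenates it into the SQL:
    //   "... WHERE city LIKE '%" . $_POST['StoreLocation'] . "%'"
    // Safe pattern: escape LIKE wildcards, then bind the value with prepare().
    $like  = '%' . $wpdb->esc_like( $location ) . '%';
    $table = $wpdb->prefix . 'example_store_locations';
    $rows  = $wpdb->get_results(
        $wpdb->prepare(
            "SELECT id, name, address, lat, lng FROM {$table} WHERE city LIKE %s LIMIT 50",
            $like
        ),
        ARRAY_A
    );

    wp_send_json_success( $rows );
}
```

sanitize_text_field() alone does not make a value safe for SQL; the binding through $wpdb->prepare() is what keeps the input out of the query structure.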
 
Discovered By : Claudio Viviani 
                http://www.homelab.it
                http://ffhd.homelab.it (Free Fuzzy Hashes Database)
         
 
                https://www.facebook.com/homelabit 
                https://twitter.com/homelabit 
                https://plus.google.com/+HomelabIt1/ 
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww 
 
#####################
