WordPress NEX-Forms 3.0 SQL Injection Vulnerability

Wordpress Nex-Forms

######################

# Exploit Title : WordPress NEX-Forms 3.0 SQL Injection Vulnerability

# Exploit Author : Claudio Viviani

# Website Author: http://www.homelab.it
                  http://archive-exploit.homelab.it/1 (Full HomelabIT Vulns Archive)

# Vendor Homepage : https://wordpress.org/plugins/nex-forms-express-wp-form-builder/

# Software Link : https://downloads.wordpress.org/plugin/nex-forms-express-wp-form-builder.3.0.zip

# Dork Google: inurl:nex-forms-express-wp-form-builder
#              index of nex-forms-express-wp-form-builder

# Date : 2015-03-29

# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox

######################

# Info:

 The "submit_nex_form" ajax function is affected from SQL Injection vulnerability
 

# PoC Exploit:

                                ----- DOWNLOAD EXPLOIT HERE -----


#####################

Discovered By : Claudio Viviani
                http://www.homelab.it
                http://ffhd.homelab.it (Free Fuzzy Hashes Database)
 
                info@homelab.it
                homelabit@protonmail.ch

                https://www.facebook.com/homelabit
                https://twitter.com/homelabit
                https://plus.google.com/+HomelabIt1/
                https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww

#####################

  • Паша Техник

    Google dorks doesnt works