######################
# Exploit Title : WordPress wpDataTables 1.5.3 and below SQL Injection Vulnerability
# Exploit Author : Claudio Viviani # Software Link : http://wpdatatables.com (Premium)
# Date : 2014-11-22
# Tested on : Windows 7 / Mozilla Firefox
Windows 7 / sqlmap (0.8-1)
Linux / Mozilla Firefox
Linux / sqlmap 1.0-dev-5b2ded0
######################
# Description
Wordpress wpDataTables 1.5.3 and below suffers from SQL injection vulnerability
"table_id" variable is not sanitized.
File: wpdatatables....
Info # Exploit Title : Joomla HD FLV Player 2.1.0.1 and below SQL Injection
#
# Exploit Author : Claudio Viviani
#
# Vendor Homepage : http://www.hdflvplayer.net/
#
# Software Link : http://www.hdflvplayer.net/download_count.php?pid=5
#
# Dork google 1: inurl:/component/hdflvplayer/
# Dork google 2: inurl:com_hdflvplayer #
# Date : 2014-11-11
#
# Tested on : BackBox 3.x/4.x
#
# Info: The variable "id" is not sanitized (again)
# Over 80.000 downloads (statistic reported on official site)
#
#
# Video Demo: http://youtu....
######################
# Exploit Title : WordPress Spider Facebook 1.0.8 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://downloads.wordpress.org/plugin/spider-facebook.1.0.8.zip
# Date : 2014-08-25
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
# Linux / sqlmap 1.0-dev-5b2ded0
######################
# Location : http://localhost/wp-content/plugins/plugins/spider-facebook/facebook.php
######################
# Vulnerable code :
function Spider_Facebook_manage()
{
require_once("facebook_manager.php");
require_once("facbook_manager.html.php");
if(!function_exists ('print_html_nav' ))
require_once("nav_function/nav_html_func....
######################
# Exploit Title : WordPress GB Gallery Slideshow 1.5 Authenticated SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://gb-plugins.com/
# Software Link : http://downloads.wordpress.org/plugin/gb-gallery-slideshow.1.5.zip
# Date : 2014-08-09
# Tested on : Linux / sqlmap 1.0-dev-5b2ded0
Linux / Mozilla Firefox
######################
# Location : http://localhost/wp-content/plugins/gb-gallery-slideshow/GBgallery.php
######################
# Vulnerable code :
if(isset($_POST['selected_group'])){
global $gb_post_type, $gb_group_table, $wpdb;
$my_group_id = $_POST['selected_group'];
$my_group = $wpdb->get_results( "SELECT groups FROM $gb_group_table WHERE id = "....