# Exploit Title: WordPress Dynamic Font Replacement 1.3 plugin SQL Injection Vulnerability
# Date: 2013-01-27
# Author: bd0rk
# Software Link: http://downloads.wordpress.org/plugin/dynamic-font-replacement-4wp.zip
# Version: 1.3 EN
# Category: web applications
# Google dork: n/a -->script-kiddieprotected
# Tested on: Windows and Ubuntu-Linux
----------------------------------------------------------------------------
Vulnerable code in file /admin/listings.php
SQL Injection Parameter: 'id'
[+]spl0iT: http://[target]/wp-content/plugins/dynamic-font-replacement-4wp/admin/listings.php?id=[SQLInjection-Code]
----------------------------------------------------------------------------
Greetings from cold Germany, bd0rk.
==> REST IN PEACE AARON SWARTZ <==
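
Added example (not part of the original advisory or of the plugin's code): a log check a site owner could run to find requests to the affected listings.php whose 'id' parameter is not a plain number. The Combined Log Format, the sample log lines, and the assumption that a legitimate id is a short decimal integer are all assumptions of this example; only the script path and parameter name come from the advisory.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote

# Script path and parameter name come from the advisory; the rest is assumed.
PLUGIN_SCRIPT = "/wp-content/plugins/dynamic-font-replacement-4wp/admin/listings.php"
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:[A-Z]+) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Jan/2013:10:00:01 +0000] "GET ' + PLUGIN_SCRIPT + '?id=12 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Jan/2013:10:00:05 +0000] "GET ' + PLUGIN_SCRIPT + '?id=12%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [27/Jan/2013:10:00:09 +0000] "GET /wp-content/plugins/./dynamic-font-replacement-4wp/admin/listings.php?ID=1%20OR%201 HTTP/1.1" 200 9001',
    '203.0.113.4 - - [27/Jan/2013:10:01:00 +0000] "GET /index.php?id=abc HTTP/1.1" 200 100',
]

def suspicious_ids(target):
    """Return the 'id' values of a request target that are not plain integers."""
    path, _, query = target.partition("?")
    path = posixpath.normpath(unquote(path)).lower()  # collapse /./ and %2e tricks
    if not path.endswith(PLUGIN_SCRIPT):
        return []
    bad = []
    for key, value in parse_qsl(query, keep_blank_values=True):
        # Assumption: a legitimate id is a short decimal number.
        if key.lower() == "id" and not re.fullmatch(r"\d{1,10}", value):
            bad.append(value)
    return bad

def scan(lines):
    """Return (client_ip, http_status, decoded_id_value) for each flagged request."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        ip, target, status = m.groups()
        for value in suspicious_ids(target):
            hits.append((ip, int(status), value))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A flagged request that returned a 200 status deserves a closer look than one that returned an error, since the query may have executed.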