The exploit demonstrates an SQL injection vulnerability in the Kakao theme for WordPress by injecting a malicious SQL query via the 'ID' parameter in 'sonHaberler.php'. The query extracts user credentials from the 'wp_users' table using 'group_concat'.
Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:Kakao theme for WordPress
No auth needed
Prerequisites:Access to the vulnerable WordPress site with the Kakao theme installed