CVE-2019-14314 PoC — WordPress Imagely NextGEN Gallery插件SQL注入漏洞

Source

https://github.com/imthoe/CVE-2019-14314

Associated Vulnerability

Title:WordPress Imagely NextGEN Gallery插件SQL注入漏洞 (CVE-2019-14314)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Imagely NextGEN Gallery是使用在其中的一个图片库插件。 WordPress Imagely NextGEN Gallery插件3.2.11之前版本中存在SQL注入漏洞。远程攻击者可借助modules/nextgen_gallery_display/package.module.nextgen_gallery_display.php文件利用该漏洞在受

Description

CVE-2019-14314 - NextGEN Gallery 3.2.10 Authenticated SQL Injection

Readme

# CVE-2019-14314
CVE-2019-14314 - NextGEN Gallery 3.2.10 Authenticated SQL Injection

# Usage

```
usage: cve_2019_14314.py [-h] url login_user login_pass username

CVE-2019-14314 Hash Extractor

positional arguments:
  url         Wordpress blog URL
  login_user  Username to login with
  login_pass  Password to login with
  username    Username to extract Password Hash from

optional arguments:
  -h, --help  show this help message and exit
```

Credit: https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html

File Snapshot


 [4.0K]  /data/pocs/2e808f210cc4a8a5ba72a51e26b6aaddd654f1bf
├── [4.6K]  cve_2019_14314.py
└── [ 554]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!