Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-11530 PoC — WordPress Chop Slider SQL注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-11530.yaml
Associated Vulnerability
Title:WordPress Chop Slider SQL注入漏洞 (CVE-2020-11530)
Description:WordPress是WordPress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。Chop Slider是使用在其中的一个jQuery滑块插件。 WordPress Chop Slider 3版本中的get_script/index.php文件的‘id’ GET参数存在SQL注入漏洞。攻击者可利用该漏洞在WP数据库中执行任意SQL查询。
Description
WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
File Snapshot

 id: CVE-2020-11530

info:
  name: WordPress Chop Slider 3 - Blind SQL Injection
  author: theamanraw

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.