CVE-2022-0760 PoC — WordPress plugin Simple Link Directory SQL注入漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2022/CVE-2022-0760.yaml

Associated Vulnerability

Title:WordPress plugin Simple Link Directory SQL注入漏洞 (CVE-2022-0760)
Description:WordPress是Wordpress基金会的一套使用PHP语言开发的博客平台。该平台支持在PHP和MySQL的服务器上架设个人博客网站。WordPress plugin是WordPress开源的一个应用插件。 WordPress plugin Simple Link Directory 7.7.2 版本之前存在SQL注入漏洞，该漏洞源于通过 AJAX 请求 qcopd_upvote_action 函数传递的参数 post_id 在用于SQL语句之前，没有经过验证和转义。任何未经身份验证的攻击者可以通过该

Description

WordPress Simple Link Directory plugin before 7.7.2 contains a SQL injection vulnerability. The plugin does not validate and escape the post_id parameter before using it in a SQL statement via the qcopd_upvote_action AJAX action, available to unauthenticated and authenticated users. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.

File Snapshot


 id: CVE-2022-0760

info:
  name: WordPress Simple Link Directory <7.7.2 - SQL injection
  author: th

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!