Exploit SQL injection and XSS in function data engine converter

optimocha / speed-booster-pack

Official Repository for Speed Booster Pack

GNU General Public License v2.0

22 stars 5 forks source link

Exploit SQL injection and XSS in function data engine converter #53

Closed quanhx11 closed 2 years ago

quanhx11 commented 2 years ago

A SQL Injection vulnerability and Cross Site Scripting caused SQL Injection vulnerability exists in version 4.3.2 of plugins speed booster pack of wordpress when MySQL or MariaDB is used as the application database.

(Redacted temporarily)

SOLUTION:

Avoid using the root user to connect the SQL database
Limit accesses of the SQL user to sensitive directories
Update PHP, WordPress core, and MySQL
Block SQL keywords using your server
Keep backups of your site off-site in case of irreversible damage
Update third-party plugins and themes

optimocha commented 2 years ago

Thank you for the input @quanhx11! I'm going to have to edit your comment to hide the exploit details until we release a fix, and afterwards I'll put it back. Stay tuned! 😎

quanhx11 commented 2 years ago

tks bro, contact to me if you have any questions 👍

optimocha commented 2 years ago

@quanhx11 we used the $wpdb->prepare() method to fix this issue. The new version will be released in the next few days.

quanhx11 commented 2 years ago

Hi @optimocha , I requested CVE ID for this bug, can you publicize this exploit? Thank you.

optimocha commented 2 years ago

@quanhx11 looks like it's already publicized: https://wpscan.com/vulnerability/4a27d374-f690-4a8a-987a-9e0f56bbe143