SQL injections can compromise the entire website, allowing attackers to steal data, alter content, or gain administrative access. Real-world examples include attackers using SQL injections to extract user credentials, inject malware, or deface websites. The “Search & Replace” plugin’s vulnerability exemplifies how even widely-used tools can become vectors for such attacks.
CVE | CVE-2024-0756 |
Plugin | Search & Replace <= 3.2.1 |
Critical | High |
All Time | 2 848 819 |
Active installations | 100 000+ |
Publicly Published | May 23, 2024 |
Last Updated | May 23, 2024 |
Researcher | Artyom Krugov |
OWASP TOP-10 | A1: Injection |
PoC | Yes |
Exploit | No |
Reference | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4145 https://wpscan.com/vulnerability/7d5b8764-c82d-4969-a707-f38b63bcadca/ |
Plugin Security Certification by CleanTalk | |
Logo of the plugin |
Timeline
April 15, 2024 | Plugin testing and vulnerability detection in the Search & Replace into WordPress have been completed |
April 15, 2024 | I contacted the author of the plugin and provided a vulnerability PoC with a description and recommendations for fixing |
May 24, 2024 | Registered CVE-2024-4145 |
Discovery of the Vulnerability
The CVE-2024-4145 vulnerability in the “Search & Replace” plugin was discovered during routine security testing. The plugin, designed to simplify the process of searching and replacing text within a WordPress database, was found to be susceptible to a Time-Based SQL injection attack. This type of SQL injection allows attackers to execute arbitrary SQL code by introducing malicious SQL queries into the application’s database operations, exploiting delays in response times to infer the outcome of the queries.
Understanding of SQL injection in WordPress
SQL injections are one of the most common and dangerous vulnerabilities in web applications. They occur when an attacker inserts malicious SQL code into a query, manipulating the database to execute unintended commands. Time-Based SQL injections, a variant of this attack, rely on introducing delays in database responses to determine the validity of injected conditions.
In the context of WordPress, SQL injections can compromise the entire website, allowing attackers to steal data, alter content, or gain administrative access. Real-world examples include attackers using SQL injections to extract user credentials, inject malware, or deface websites. The “Search & Replace” plugin’s vulnerability exemplifies how even widely-used tools can become vectors for such attacks
Exploiting the Time-Based SQL injection Vulnerability
Exploiting CVE-2024-4145 involves the following steps:
POC:
- Navigate to the WordPress admin panel.
- Go to the Tools section and select the “Search & Replace” plugin.
- Choose the Search & Replace option.
- Intercept the request using a tool like Burp Suite.
- Modify the intercepted request to include a vulnerable SQL query in the
select_tables
parameter.- Poc payload: search=123&replace=1&csv=1&select_tables%5B%5D=(SELECT+9255+FROM+(SELECT(SLEEP(1-(IF(44=44,0,5)))))cCQl)&export_or_save=1&action=search-replace&search-submit=1&insr_nonce=&_wp_http_referer=%2Fwp-admin%2Ftools.php%3Fpage%3Dsearch-replace
____
Recommendations for Improved Security
To mitigate the risks associated with SQL injection vulnerabilities like CVE-2024-4145, WordPress administrators should take the following steps:
- Update the Plugin: Ensure the “Search & Replace” plugin is updated to the latest version that addresses the vulnerability.t.
- Implement Parameterized Queries: Use prepared statements and parameterized queries to prevent SQL injection attacks.
- Input Validation and Sanitization: Rigorously validate and sanitize all user inputs to eliminate the possibility of injecting malicious code.
- Use Security Plugins: Employ security plugins and web application firewalls (WAF) to detect and block SQL injection attempts in real-time.
- Educate Users: Train users, especially those with author or higher privileges, on the importance of security best practices and recognizing potential threats.
By taking proactive measures to address Sql Injection vulnerabilities like CVE-2024-4145, WordPress website owners can enhance their security posture and safeguard against potential exploitation. Stay vigilant, stay secure.
#WordPressSecurity #SQLi #WebsiteSafety #StayProtected #VeryHighVulnerability
Use CleanTalk solutions to improve the security of your website
Artyom k.