Associated vulnerability
Title:
WordPress plugin KiviCare security vulnerability
(CVE-2024-11728)
Description: WordPress and WordPress plugins are products of the WordPress Foundation. WordPress is a blogging platform developed in PHP that can be used to set up a personal blog site on a server running PHP and MySQL. A WordPress plugin is an application plugin for it. The KiviCare WordPress plugin, version 3.6.4 and earlier, contains a security vulnerability: the visit_type[service_id] parameter of the tax_calculated_data function is subject to SQL injection.
Description
KiviCare – Clinic & Patient Management System (EHR) WordPress Plugin Unauthenticated SQL Injection PoC
Introduction
# CVE-2024-11728
KiviCare – Clinic & Patient Management System (EHR) WordPress Plugin Unauthenticated SQL Injection PoC
This repository contains a Proof of Concept (PoC) script for exploiting an SQL Injection vulnerability in the KiviCare – Clinic & Patient Management System (EHR) WordPress Plugin, versions up to and including 3.6.4. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries via the visit_type[service_id] parameter in the tax_calculated_data AJAX action.
For more details, please refer to the [blog post](https://samogod.com/2024/12/11/cve-2024-11728-kivicare-wordpress-unauthenticated-sql-injection/).
# CVE-2024-11728 - KiviCare WordPress Plugin Unauthenticated SQL Injection PoC
## Description
The KiviCare plugin is vulnerable because user-supplied input in the `visit_type[service_id]` parameter is not sufficiently escaped before it reaches a database query. This allows an attacker to append additional SQL to the query, potentially leading to data extraction or other malicious activity.
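As an added illustration (not KiviCare's code and not part of the PoC), the two patterns behind the description above: a hypothetical `admin-ajax.php` handler that concatenates `visit_type[service_id]` straight into SQL, beside the hardened form that coerces the value and binds it with `$wpdb->prepare()`. All function, table and nonce names here are invented.

```php
<?php
// Constructed example for illustration only; the handler, table and nonce
// names are hypothetical and do not come from the KiviCare plugin.

// UNSAFE PATTERN: the request value is pasted into the query string, so any
// non-numeric content in visit_type[service_id] changes the statement itself.
function kc_demo_tax_unsafe( array $visit_type ) {
    global $wpdb;
    $service_id = $visit_type['service_id'];            // untrusted, unescaped
    $sql = "SELECT tax_rate FROM {$wpdb->prefix}kc_demo_services WHERE id = " . $service_id;
    return $wpdb->get_var( $sql );
}

// HARDENED PATTERN: service_id is an integer key, so it is coerced with
// absint() and then bound through $wpdb->prepare(); %d forces an integer
// literal, so the value can never be interpreted as SQL syntax.
function kc_demo_tax_safe( array $visit_type ) {
    global $wpdb;
    $service_id = isset( $visit_type['service_id'] ) ? absint( $visit_type['service_id'] ) : 0;
    if ( 0 === $service_id ) {
        return null;                                    // reject missing or non-positive ids
    }
    $sql = $wpdb->prepare(
        "SELECT tax_rate FROM {$wpdb->prefix}kc_demo_services WHERE id = %d",
        $service_id
    );
    return $wpdb->get_var( $sql );
}

// wp_ajax_nopriv_ makes the action reachable without a login, which is what
// turns an injectable query into an unauthenticated finding. The nonce check
// (reads _ajax_nonce by default) is CSRF protection, not input validation, so
// the handler still passes the request through the hardened function.
add_action( 'wp_ajax_nopriv_kc_demo_tax', function () {
    check_ajax_referer( 'kc_demo_nonce' );
    $visit_type = ( isset( $_POST['visit_type'] ) && is_array( $_POST['visit_type'] ) )
        ? wp_unslash( $_POST['visit_type'] )
        : array();
    wp_send_json_success( array( 'tax_rate' => kc_demo_tax_safe( $visit_type ) ) );
} );
```

When reviewing a plugin for this bug class, search for `$wpdb->query`, `get_var`, `get_results` and similar calls whose SQL is built with string concatenation or interpolation of request data rather than `$wpdb->prepare()`.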
## Usage
### Prerequisites
- Python 3.x
- Required Python packages: `requests` and `urllib3` (`argparse` is part of the Python standard library and needs no installation)
### Installation
1. Clone the repository:
```bash
git clone https://github.com/yourusername/CVE-2024-11728.git
cd CVE-2024-11728
```
2. Install the required packages:
```bash
pip install -r requirements.txt
```
### Running the Script
To execute the script, use the following command:
```bash
python3 CVE-2024-11728.py -u <target_url> [-t <timeout>] [-v]
```
- `-u`, `--url`: Target URL (e.g., http://example.com)
- `-t`, `--timeout`: Request timeout in seconds (default: 10)
- `-v`, `--verbose`: Enable verbose output for debugging
### Example
```bash
python3 CVE-2024-11728.py -u https://wordpress.samogod.com -v
```
## Important Notes
- **Nonce Handling**: The script currently requires a valid `_ajax_nonce` value. This value is session-specific and must be obtained manually or through an automated process.
- **Legal Disclaimer**: This script is intended for educational purposes and authorized security testing only. Unauthorized use of this script against systems you do not own or have explicit permission to test is illegal.
## Contributing
Contributions are welcome! Please fork the repository and submit a pull request with your changes.
File snapshot
[4.0K] /data/pocs/0b51b84277fa01bddd51db3fefb9e2ecb00dca1e
├── [4.9K] CVE-2024-11728.py
├── [1.8K] CVE-2024-11729.yaml
└── [2.2K] README.md
0 directories, 3 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source has been removed or cannot be reached, send an e-mail to f.jinxu#gmail.com to request the local snapshot (replace # with @).
3. 神龙 has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.