PoC details: 0b51b84277fa01bddd51db3fefb9e2ecb00dca1e

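Source
Related vulnerability
Title: WordPress plugin KiviCare security vulnerability (CVE-2024-11728)
Description: WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP. The platform supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin. WordPress plugin KiviCare versions 3.6.4 and earlier contain a security vulnerability, which stems from an SQL injection vulnerability in the visit_type[service_id] parameter of the tax_calculated_data function.
Description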
KiviCare – Clinic & Patient Management System (EHR) WordPress Plugin Unauthenticated SQL Injection PoC
Introduction
# CVE-2024-11728
KiviCare – Clinic & Patient Management System (EHR) WordPress Plugin Unauthenticated SQL Injection PoC

This repository contains a Proof of Concept (PoC) script for exploiting an SQL Injection vulnerability in the KiviCare – Clinic & Patient Management System (EHR) WordPress Plugin, versions up to and including 3.6.4. The vulnerability allows unauthenticated attackers to execute arbitrary SQL queries via the visit_type[service_id] parameter in the tax_calculated_data AJAX action.
For more details, please refer to the [blog post](https://samogod.com/2024/12/11/cve-2024-11728-kivicare-wordpress-unauthenticated-sql-injection/).

# CVE-2024-11728 - KiviCare WordPress Plugin Unauthenticated SQL Injection PoC

## Description

The KiviCare plugin is vulnerable due to insufficient escaping of user-supplied input in the `visit_type[service_id]` parameter. This allows attackers to append additional SQL queries, potentially leading to data extraction or other malicious activities.
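
A defender-side check for the pattern described above, added here as an example that is not part of the original repository or the plugin's code: it flags requests for the `tax_calculated_data` action whose `visit_type[...][service_id]` value is not a plain integer. It assumes service IDs are integers and that URL-encoded request bodies are available (for example from a WAF or reverse-proxy log); the function names and the sample data are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

ROUTE = "tax_calculated_data"  # AJAX action named in the description above
# Affected field; tolerating extra [..] nesting levels is an assumption.
SERVICE_ID_KEY = re.compile(r"visit_type(\[[^\]]*\])*\[service_id\]")
INTEGER = re.compile(r"[0-9]{1,10}")  # assumption: service IDs are plain integers


def suspicious_service_ids(body: str) -> list[str]:
    """Return non-integer service_id values in a tax_calculated_data request."""
    fields = parse_qsl(body, keep_blank_values=True)
    # The action name may sit in `action` or another routing field,
    # so look for it in any field value.
    if not any(value == ROUTE for _, value in fields):
        return []  # some other AJAX action: out of scope
    return [value for key, value in fields
            if SERVICE_ID_KEY.fullmatch(key)
            and not INTEGER.fullmatch(value.strip())]


def scan(requests: list[tuple[str, str]]) -> list[tuple[str, list[str]]]:
    """requests: (client_ip, urlencoded body) pairs posted to admin-ajax.php."""
    hits = []
    for client, body in requests:
        bad = suspicious_service_ids(body)
        if bad:
            hits.append((client, bad))
    return hits


# Constructed sample bodies (not captured traffic); IPs are documentation ranges.
SAMPLE = [
    ("192.0.2.10", "action=tax_calculated_data&visit_type%5Bservice_id%5D=14"),
    ("198.51.100.7", "action=tax_calculated_data&visit_type%5Bservice_id%5D=14+OR+1%3D1"),
    ("192.0.2.33", "action=tax_calculated_data&visit_type%5B0%5D%5Bservice_id%5D=x%27"),
    ("192.0.2.50", "action=heartbeat&visit_type%5Bservice_id%5D=abc"),
]

if __name__ == "__main__":
    for client, values in scan(SAMPLE):
        print(f"{client}: non-integer service_id {values!r}")
```

The same integer-only rule can be enforced as a blocking rule in front of sites that cannot yet move past version 3.6.4.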

## Usage

### Prerequisites

- Python 3.x
- Required Python packages: `requests`, `argparse`, `urllib3`

### Installation

1. Clone the repository:

   ```bash
   git clone https://github.com/yourusername/CVE-2024-11728.git
   cd CVE-2024-11728
   ```

2. Install the required packages:

   ```bash
   pip install -r requirements.txt
   ```

### Running the Script

To execute the script, use the following command:
```bash
python3 CVE-2024-11728.py -u <target_url> [-t <timeout>] [-v]
```

- `-u`, `--url`: Target URL (e.g., http://example.com)
- `-t`, `--timeout`: Request timeout in seconds (default: 10)
- `-v`, `--verbose`: Enable verbose output for debugging

### Example
```bash
python3 CVE-2024-11728.py -u https://wordpress.samogod.com -v
```
## Important Notes

- **Nonce Handling**: The script currently requires a valid `_ajax_nonce` value. This value is session-specific and must be obtained manually or through an automated process.
- **Legal Disclaimer**: This script is intended for educational purposes and authorized security testing only. Unauthorized use of this script against systems you do not own or have explicit permission to test is illegal.

## Contributing

Contributions are welcome! Please fork the repository and submit a pull request with your changes.

File snapshot

```
[4.0K] /data/pocs/0b51b84277fa01bddd51db3fefb9e2ecb00dca1e
├── [4.9K] CVE-2024-11728.py
├── [1.8K] CVE-2024-11729.yaml
└── [2.2K] README.md

0 directories, 3 files
```