rootOptional (13)
Last Login: October 02, 2020
rootOptional's Latest (4) Contributions
Technical Analysis
This CVE is fairly obscure because it is present in the WordPress plugin google-maps in versions between 7.11.00 and 7.11.17.
The way this is exploited is that the plugin does not sanitise field names before a SELECT statement. This results in it being vulnerable to SQL injection. This can be exploited to dump credentials and password hashes for users within the database, resulting in potential account takeover if these passwords aren't hashed correctly or if users have chosen weak passwords.
For this, the plugin also needs to be out of date, as it is easily patched by upgrading the plugin to the latest version. However, it isn't uncommon to find outdated plugins within WordPress sites. There is also a Metasploit module designed to automate the exploitation process.
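The point of the analysis above is that the injection lands in an identifier position (a column name), not a value, so the usual bound-parameter fix does not apply and the name has to be allowlisted. The following is an added illustration written for this page, not the plugin's code or the Metasploit module: it uses an in-memory SQLite database in place of MySQL, a hypothetical `markers` table and `ALLOWED_FIELDS` set, constructed sample rows, and a constructed `HASH_DUMP_PAYLOAD` that redirects the SELECT at a wp_users-style table.

```python
import sqlite3

# Constructed sample data (not from the plugin or any real site): a wp_users-style
# table holding password hashes next to the plugin's own marker table.
SAMPLE_USERS = [
    (1, "admin", "$P$BexampleHashOne"),
    (2, "editor", "$P$BexampleHashTwo"),
]
SAMPLE_MARKERS = [
    (1, "Office", 51.5, -0.12),
    (2, "Warehouse", 53.4, -2.98),
]

# Hypothetical allowlist: the only column names the marker query may emit.
ALLOWED_FIELDS = {"id", "title", "lat", "lng"}

# Constructed attacker-controlled "field name": finishes the column list, points
# the SELECT at the users table and comments out the rest of the statement.
HASH_DUMP_PAYLOAD = "user_login, user_pass FROM wp_users --"


def make_db():
    """In-memory SQLite database seeded with the constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE wp_users (ID INTEGER, user_login TEXT, user_pass TEXT)")
    con.executemany("INSERT INTO wp_users VALUES (?, ?, ?)", SAMPLE_USERS)
    con.execute("CREATE TABLE markers (id INTEGER, title TEXT, lat REAL, lng REAL)")
    con.executemany("INSERT INTO markers VALUES (?, ?, ?, ?)", SAMPLE_MARKERS)
    return con


def vulnerable_select(con, fields):
    """Builds the column list by string concatenation with no check on the names.
    This is the pattern the analysis describes, written here for illustration."""
    sql = "SELECT " + ", ".join(fields) + " FROM markers"
    return con.execute(sql).fetchall()


def hardened_select(con, fields):
    """Same query, but every requested name must match the allowlist exactly."""
    rejected = [f for f in fields if f not in ALLOWED_FIELDS]
    if rejected:
        raise ValueError(f"unknown field(s): {rejected}")
    sql = "SELECT " + ", ".join(fields) + " FROM markers"
    return con.execute(sql).fetchall()


def is_rejected(con, fields):
    """True when the hardened query refuses the requested field list."""
    try:
        hardened_select(con, fields)
        return False
    except ValueError:
        return True


def bind_as_value(con, field):
    """Shows why a bound parameter is not a fix here: the placeholder is bound as a
    string literal, so every row comes back as the text 'title', not the column."""
    return con.execute("SELECT ? FROM markers", (field,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(vulnerable_select(db, ["id", "title"]))       # normal use
    print(vulnerable_select(db, [HASH_DUMP_PAYLOAD]))   # dumps the wp_users hashes
    print("blocked:", is_rejected(db, [HASH_DUMP_PAYLOAD]))
    print(bind_as_value(db, "title"))                   # literal 'title' per row
```

Run it as-is; the second line of output is the full user_login/user_pass list, which is exactly the dump the analysis describes. The hardened variant still concatenates, but only after the names have passed an exact-match allowlist, which is the correct control for identifiers in any SQL dialect.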
Technical Analysis
This exploit is fairly straightforward: for an actor to exploit this, they would only have to intercept the network traffic sent when a user submits their credentials for authentication. Because of the weak encoding used (Base64), it would be easy to decode and gain access to a user's credentials, allowing potential account takeovers.
The only difficulty is the lack of connectivity that the affected devices have.
Technical Analysis
This vulnerability is common in LiveZilla Live Chat 8.0.1.3 within the chat.php page. The vulnerability is a blind XSS injection which lies within the name parameter and which, once triggered, can pull usernames and passwords of employees.
This provides attackers with a privilege escalation from unauthenticated to a user, which can lead to a full account takeover.
This also has the potential to leak multiple credentials due to their storage within a database, and is also confirmed to affect the lgn and psswrd fields.
Due to this, it wouldn't take an attacker much prior knowledge to find a payload which returns the credentials of a user, and so gain access as that user.
For this reason, an attacker is presented with a low-risk, high-reward attack vector.
Technical Analysis
The vulnerability allows a malicious actor access to any files within the system via a local file inclusion. This isn't a vulnerability that requires a heap of knowledge, just enough to craft the HTTP request. It is also present in a series of versions prior to the release of 19.4R1, though these systems aren't commonly found.