## https://sploitus.com/exploit?id=7A6411F4-C896-52AB-9725-D10DEBF9CD0F
# CVE-2024-1698 Exploit Script - Wordpress NotificationX <= 2.8.2 - SQL Injection
This is an exploit script that recovers the WordPress admin's username and password hash by exploiting CVE-2024-1698.

This Python script is intended for educational purposes only. It demonstrates a proof of concept for exploiting the CVE-2024-1698 SQL injection vulnerability to extract admin credentials (username and password hash) from a WordPress website's NotificationX Analytics API. **Please use this script responsibly and only on systems you are authorized to test. Unauthorized or malicious use is strictly prohibited.**

## Disclaimer

The author and contributors of this script are not responsible for any misuse, damage, or illegal activity caused by the use of this tool. **Use at your own risk.**

## Requirements

- Python 3.x
- `requests` library

## Usage

1. Ensure you have Python 3.x installed on your system.
2. Install the required dependencies by running:

    pip install requests

3. Modify the `url`, `delay`, and other variables in the script according to your testing environment and requirements.
4. Run the script:

    python exploit.py

5. The script will attempt to extract the admin username and password hash. Results will be displayed if successful.

![Proof of Concept](cve-2024-1698.jpeg)

## Legal and Ethical Considerations

- **Only use this script on systems you have explicit permission to test. Unauthorized access to computer systems is illegal and unethical.**
- Respect the privacy and security of others. Do not use this script to access sensitive information without proper authorization.
- Understand and comply with the laws and regulations governing penetration testing and ethical hacking in your jurisdiction.
- Use responsible disclosure practices if you discover security vulnerabilities while testing.

## Acknowledgements

This script is for educational purposes and was created to demonstrate the risks associated with SQL injection vulnerabilities. We encourage users to learn about web security best practices and contribute to improving the security posture of web applications.

Detailed blog post on CVE-2024-1698 by [White Hack Labs](https://whitehacklabs.com/): [Blog Post](https://ethicalhacking.uk/sql-injection-alert-dissecting-cve-2024-1698-in-notificationx-for-wordpress/)

## License

This script is licensed under the [MIT License](LICENSE). See the LICENSE file for details.

This README emphasizes responsible use, legal and ethical considerations, and encourages users to only use the script for educational purposes and with proper authorization.