module
WordPress Google Maps Plugin SQL Injection
| Disclosed | Created |
|---|---|
| 04/02/2019 | 04/22/2019 |
Disclosed
04/02/2019
Created
04/22/2019
Description
This module exploits a SQL injection vulnerability in a REST endpoint
registered by the WordPress plugin wp-google-maps between 7.11.00 and
7.11.17 (included).
As the table prefix can be changed by administrators, set DB_PREFIX
accordingly.
registered by the WordPress plugin wp-google-maps between 7.11.00 and
7.11.17 (included).
As the table prefix can be changed by administrators, set DB_PREFIX
accordingly.
Author
Thomas Chauchefoin (Synacktiv)
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands ‘show options’ or ‘show advanced’:
msf > use auxiliary/admin/http/wp_google_maps_sqli
msf /(i) > show actions
...actions...
msf /(i) > set ACTION < action-name >
msf /(i) > show options
...show and set options...
msf /(i) > run
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.