|
Dokan Pro Unauthenticated SQL Injection POC | CVSS 10
by Loki - Monday July 8, 2024 at 02:16 PM
|
|
Jul 08, 2024, 02:16 PM
The Dokan Pro plugin for WordPress is vulnerable to SQL Injection via the 'code' parameter in all versions up to, and including, 3.10.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query.
POC: 
Jul 08, 2024, 02:19 PM
Thank you, I will try it
Jul 08, 2024, 02:24 PM
Learning SQL for ethical purpose
Jul 08, 2024, 02:34 PM
inurl:/wp-content/plugins/dokan-pro
intitle:"Dokan Pro" inurl:/wp-content/plugins ![[Image: facebook.jpg]](https://i.ibb.co/YWf3n6j/facebook.jpg)
(Jul 08, 2024, 02:34 PM)DoingFedTime Wrote: inurl:/wp-content/plugins/dokan-pro good ol' google dorks! OR we can use censys search with something like "dokan pro" and labels= `wordpress` and fetch all the servers that are using that plugin. then sort by the last modified date to weed out the patched servers.
Jul 08, 2024, 03:41 PM
@Lokie Yes, thank you for passively pointing out that I'm old hahahahahhahaha
This and Shodan as well; I'm just old school. 
Jul 08, 2024, 04:06 PM
@DoingFedTime tbh when everything fails, google dorks win
Jul 09, 2024, 05:15 AM
Need this for education
Jul 09, 2024, 08:01 AM
thank you sql injection best attack thx
Jul 16, 2024, 02:12 AM
I will try it now
|
|
« Next Oldest | Next Newest »
|
| Possibly Related Threads… | |||||
| Thread | Author | Replies | Views | Last Post | |
| new wordpress website takeover vuln (video + poc ) | 313 | 27,778 |
8 hours ago Last Post: Usercomplex |
||
| {SECRET} DATABASE OF EXPLOITS | 429 | 24,724 |
Yesterday, 08:54 PM Last Post: Yjuddur |
||
| Google Dorks for finding SQL injection vulnerabilities and other security issues | 66 | 2,943 |
Yesterday, 08:51 PM Last Post: Yjuddur |
||
| Acunetix Premium Cracked v24 Full Activated | 22 | 1,329 |
Yesterday, 09:22 AM Last Post: Usercomplex |
||
| CVE-2024-32002 RCE PoC | 1 | 379 |
Apr 24, 2026, 05:13 AM Last Post: p2wnz_bontensec |
||
