module
Wordpress Secure Copy Content Protection and Content Locking sccp_id Unauthenticated SQLi
| Disclosed | Created |
|---|---|
| Nov 8, 2021 | Feb 25, 2022 |
Disclosed
Nov 8, 2021
Created
Feb 25, 2022
Description
Secure Copy Content Protection and Content Locking, a WordPress plugin,
prior to 2.8.2 is affected by an unauthenticated SQL injection via the
`sccp_id[]` parameter.
Remote attackers can exploit this vulnerability to dump usernames and password hashes
from the`wp_users` table of the affected WordPress installation. These password hashes
can then be cracked offline using tools such as Hashcat to obtain valid login
credentials for the affected WordPress installation.
prior to 2.8.2 is affected by an unauthenticated SQL injection via the
`sccp_id[]` parameter.
Remote attackers can exploit this vulnerability to dump usernames and password hashes
from the`wp_users` table of the affected WordPress installation. These password hashes
can then be cracked offline using tools such as Hashcat to obtain valid login
credentials for the affected WordPress installation.
Authors
h00die
Hacker5preme (Ron Jost)
Krzysztof Zając (kazet)
Hacker5preme (Ron Jost)
Krzysztof Zając (kazet)
References
Module Options
To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.