Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add Msf::Exploit::Remote::HTTP::Wordpress::SQLi #19497
Add Msf::Exploit::Remote::HTTP::Wordpress::SQLi #19497
Changes from 6 commits
14f1d6a
3da638e
fa0d54e
a1b4106
2d6862c
a5d9a06
0409d4e
22443b5
1e95cba
f52cd8b
05c579f
d01e8d4
8cbe572
c152163
31a66d5
3987a76
de5324e
6c048df
94145ea
fb35f67
c15f186
c259ce0
File filter
Filter by extension
Conversations
Jump to
There are no files selected for viewing
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Does there need to be a check here? From a quick glance at the
raw_run_sql
method I think we may want something here maybe.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hey @cgranleese-r7, I considered adding a check, but my concern is it could slow down the process significantly, especially since we're working with blind SQL injection (time-based or boolean). We're already querying to find the table prefix, and adding another check for admin privileges would likely delay the execution even more. Plus, if the SQL query fails, I think there's nothing more we can do anyway.
That said, if the check is necessary, I can implement it. What do you think?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My thoughts where just that when I was looking at the code I was wondering if there could be a scenario were:
fails for whatever reason and then prompts the user with:
I just thought that could be confusing from a user perspective is all and was worth calling out.