CVE-2018-3811
published 2018-01-01CVE-2018-3811: SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in…
PriorityP274critical9.8CVSS 3.0
AVNACLPRNUINSUCHIHAH
EXPLOIT
EPSS
42.91%
98.6th percentile
SQL Injection vulnerability in the Oturia Smart Google Code Inserter plugin before 3.5 for WordPress allows unauthenticated attackers to execute SQL queries in the context of the web server. The saveGoogleAdWords() function in smartgooglecode.php did not use prepared statements and did not sanitize the $_POST["oId"] variable before passing it as input into the SQL query.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| oturia | smart_google_code_inserter | < 3.5 | 3.5 |
Detection & IOCsextracted from sources · hover to see the quote
commandaction=saveadwords&delconf=1&oId[]=1 OR 1=1--&ppccap[]=ex:mywplead&ppcpageid[]=1&ppccode[]=bb&nchkdel1=on↗
snort
ET EXPLOIT Smart Google Code Inserter < 3.5 SQLi (CVE-2018-3811); flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/options-general.php?page=smartcode"; nocase; endswith; fast_pattern; http.request_body; content:"action=saveadwords"; nocase; startswith; content:"oId="; nocase; distance:0; pcre:"/oId=[^&]*(?:S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO|\/\*.+\*\/|EXEC)/i"; sid:2033638; rev:2;
- →Look for unauthenticated POST requests to /options-general.php?page=smartcode with a body starting with 'action=saveadwords' and containing an 'oId=' parameter bearing SQL injection payloads (UNION, SELECT, OR 1=1, etc.).
- →The vulnerable parameter is $_POST["oId"] passed unsanitized into a SQL query inside saveGoogleAdWords() in smartgooglecode.php; monitor for array-style abuse (oId[]) as well as scalar oId= values. ↗
- →The exploit also targets a second action ('savegooglecode') via the same endpoint; monitor POST requests to the same URI for both action values. ↗
- ·The Snort/Suricata rule (sid:2033638) requires SSL/TLS decryption to be effective against HTTPS-protected WordPress installations, as indicated by the 'deployment SSLDecrypt' metadata.
- ·Exploitation does not require authentication; any unauthenticated attacker can reach the vulnerable endpoint, so perimeter-only controls are insufficient without WAF-level inspection of POST bodies. ↗
CVSS provenance
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Suricata
ET EXPLOIT Smart Google Code Inserter < 3.5 SQLi (CVE-2018-3811)
suricata·2021-08-02·CVSS 9.8
CVE-2018-3811 [CRITICAL] ET EXPLOIT Smart Google Code Inserter < 3.5 SQLi (CVE-2018-3811)
ET EXPLOIT Smart Google Code Inserter [$HOME_NET,$HTTP_SERVERS] any (msg:"ET EXPLOIT Smart Google Code Inserter < 3.5 SQLi (CVE-2018-3811)"; flow:established,to_server; http.method; content:"POST"; nocase; http.uri; content:"/options-general.php?page=smartcode"; nocase; endswith; fast_pattern; http.request_body; content:"action=saveadwords"; nocase; startswith; content:"oId="; nocase; distance:0; pcre:"/oId=[^&]*(?:S(?:HOW.+(?:C(?:HARACTER.+SET|UR(DATE|TIME))|(?:VARI|T)ABLES)|ELECT.+(?:FROM|USER))|U(?:NION.+SELEC|PDATE.+SE)T|DELETE.+FROM|INSERT.+INTO|\/\*.+\*\/|EXEC)/i"; reference:url,www.exploit-db.com/exploits/43420; reference:url,github.com/projectdiscovery/nuclei; reference:cve,2018-3811; classtype:attempted-admin; sid:2033638; rev:2; metadata:affected_product Wordpress_Plugins, attack
No writeups or analysis indexed.
https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.htmlhttps://wordpress.org/plugins/smart-google-code-inserter/#developershttps://wpvulndb.com/vulnerabilities/8988https://www.exploit-db.com/exploits/43420/https://limbenjamin.com/articles/smart-google-code-inserter-auth-bypass.htmlhttps://wordpress.org/plugins/smart-google-code-inserter/#developershttps://wpvulndb.com/vulnerabilities/8988https://www.exploit-db.com/exploits/43420/
2018-01-01
Published