BogorHackers Crew

Elementor Website Builder < 3.12.2 - Admin+ SQLi

: CVE-2023-0329
.Coders

Burp Suite.
Burp Suite, go to the "Proxy" tab and set it to listen on a specific port, such as 8080.
a new browser window or tab, and set your proxy settings to use Burp Suite on port 8080.
the vulnerable Elementor Website Builder site and navigate to the Tools > Replace URL page.
the Replace URL page, enter any random string as the "New URL" and the following malicious payload as the "Old URL":

: http://localhost:8080/?test'),meta_key='key4'where+meta_id=SLEEP(2); #
"Replace URL" on the Replace URL page. Burp Suite should intercept the request.
the intercepted request to the server by right-clicking the request in Burp Suite and selecting "Forward".
server will execute the SQL command, which will cause it to hang for 2 seconds before responding. This is a clear indication of successful SQL injection.
: Make sure you have permission to perform these tests and have set up Burp Suite correctly. This command may vary depending on the specific setup of your server and the website builder plugin.

Download Script Website Portal - bukulokomedia

Download Script Website Portal - bukulokomedia Luangkan waktu anda yang berharga untuk memberikan komentarnyasedikit komentar anda sangat berharga bagi pekembangan blog ini

Mohon maaf kepada semua BHC_MEMBER
Di karenakan nya domain bogorhacker.com sudah expired, dan kami para admin juga tidak bisa melunasinya..
maka dengan terpaksa domain bogorhacker.com kami alihkan ke facebook,
karena kami mengharapkan semua BHC_MEMBER Berkumpul disni..

mohon bersabar untuk selanjutnya.
kami akan usahakan yang terbaik
terima kasih..