
CVE-2020-27615 Scanner
CVE-2020-27615 Scanner - SQL Injection (SQLi) vulnerability in Loginizer for WordPress
Short Info
Level: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 week 13 hours
Scan only one: Domain, Subdomain, IPv4
Toolbox: -
Loginizer is a popular WordPress plugin used for securing the login page and preventing unauthorized access attempts. It is widely used by WordPress site administrators and security enthusiasts to manage login attempts and enforce strong security protocols. The plugin offers features such as brute-force protection, two-factor authentication, and IP blocking based on configurable security criteria. Loginizer is typically installed on WordPress sites to add a layer of security beyond the default WordPress capabilities, and administrators rely on it to harden their sites against unauthorized access. Its ease of use and integration with WordPress make it a popular choice among site managers aiming to bolster login security.
A SQL injection (SQLi) vulnerability is a flaw that lets an attacker alter the queries an application sends to its database by supplying crafted input. This allows unauthorized interaction with the database, potentially extracting, modifying, or deleting sensitive information. In the Loginizer plugin, the SQLi vulnerability was exploitable through the 'log' parameter, allowing attackers to execute arbitrary SQL commands. The weakness arises from insufficient input validation and improper sanitization of user input before it is used in SQL queries. It can be particularly damaging because it may lead to unauthorized data access and control over affected WordPress sites. A successful SQLi exploit can significantly compromise the confidentiality, integrity, and availability of the database and the applications that depend on it.
The vulnerability in the Loginizer plugin stems from the 'log' parameter, through which attacker-supplied SQL can reach a database query. The scanner uses a time-based technique: it submits input that asks the database to pause for a fixed number of seconds, so the presence of the vulnerability is inferred from the delay rather than from any visible output. The vulnerable endpoint is the '/wp-login.php' path, where the request carrying the 'log=' parameter is submitted; attackers use this same entry point to test and confirm injection by observing response times and server behavior. The matcher condition 'duration >= 7' means the scanner reports a finding when the response takes at least 7 seconds, well beyond a normal login round-trip and consistent with the injected delay having executed.
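As an added defender-side illustration that is not part of this scanner's own code, the following Python reads a hypothetical JSON-lines proxy log (constructed sample; the schema, field names and sample values are assumptions) and flags POST requests to /wp-login.php whose 'log' field contains a SQL time-delay function or whose response took at least 7 seconds, mirroring the duration >= 7 matcher described above.

```python
import json
import re

# Constructed sample of a hypothetical reverse-proxy / WAF log in JSON-lines form
# (no real product emits exactly this schema). duration_ms is the upstream time.
SAMPLE_LOG = """\
{"src": "203.0.113.5", "method": "POST", "path": "/wp-login.php", "form": {"log": "admin", "pwd": "x"}, "duration_ms": 140}
{"src": "203.0.113.5", "method": "POST", "path": "/wp-login.php", "form": {"log": "admin sleep(7)", "pwd": "x"}, "duration_ms": 7120}
{"src": "198.51.100.7", "method": "POST", "path": "/wp-login.php", "form": {"log": "editor", "pwd": "x"}, "duration_ms": 7300}
{"src": "198.51.100.7", "method": "GET", "path": "/wp-admin/", "form": {}, "duration_ms": 90}
"""

# Response-time threshold; the scanner's matcher treats duration >= 7 s as a hit.
SLOW_SECONDS = 7
# SQL time-delay primitives that have no business appearing in a username.
DELAY_FUNCS = re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor)\b", re.IGNORECASE)


def classify(event):
    """Return the reasons this event looks like time-based SQLi probing of the
    Loginizer 'log' parameter, or [] if it looks benign. Only login POSTs count."""
    if event.get("path") != "/wp-login.php" or event.get("method") != "POST":
        return []
    reasons = []
    log_value = str(event.get("form", {}).get("log", ""))
    if DELAY_FUNCS.search(log_value):
        reasons.append("delay function in 'log' parameter")
    if event.get("duration_ms", 0) >= SLOW_SECONDS * 1000:
        reasons.append(f"login took >= {SLOW_SECONDS}s")
    return reasons


def scan_log(text):
    """Parse JSON-lines log text and return (src, reasons) for suspicious events.
    A slow login on its own is a weak signal (the server may simply be busy);
    a slow login whose 'log' value carries a delay function is a strong one."""
    hits = []
    for line in text.splitlines():
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = classify(event)
        if reasons:
            hits.append((event["src"], reasons))
    return hits


if __name__ == "__main__":
    for src, reasons in scan_log(SAMPLE_LOG):
        print(src, "->", "; ".join(reasons))
```

Run against the constructed sample, the second line is reported on both signals while the third is reported on timing alone, which is the distinction an analyst should weigh before escalating.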
If successfully exploited, the SQL Injection vulnerability in Loginizer can lead to unauthorized database access and data extraction. Attackers may obtain sensitive information such as user credentials, email addresses, and other private data stored within the database. The vulnerability also opens the door for data manipulation, where attackers could insert, update, or delete records maliciously. Malicious actors can further elevate their privilege levels within the system, granting them broader access and control over the WordPress website. This vulnerability could ultimately result in website defacement, unauthorized account access, service disruptions, or a complete data breach.