CVE-2024-1698 PoC — NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Una

Associated Vulnerability
Title: NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor <= 2.8.2 - Unauthenticated SQL Injection (CVE-2024-1698)
Description: The NotificationX – Best FOMO, Social Proof, WooCommerce Sales Popup & Notification Bar Plugin With Elementor plugin for WordPress is vulnerable to SQL Injection via the 'type' parameter in all versions up to, and including, 2.8.2 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
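To check whether an installation falls in the affected range stated above (all versions up to and including 2.8.2), the sketch below reads the plugin's `Version:` header and classifies the install. It is an added example, not code from the original repository; the `wp-content/plugins/notificationx` location and all function names are assumptions.

```python
import re
from pathlib import Path

# Affected range as stated on this page: every release up to and including 2.8.2.
LAST_AFFECTED = (2, 8, 2)
# Assumption: the plugin sits in its default wordpress.org directory name.
PLUGIN_SLUG = "notificationx"
# WordPress plugin header line, e.g. " * Version: 2.8.2" inside the opening comment.
VERSION_RE = re.compile(r"^[ \t/*#@]*Version:[ \t]*(\d+(?:\.\d+)*)", re.I | re.M)


def parse_version(text):
    """'2.8.2' -> (2, 8, 2); trailing zeros are dropped so 2.8.2.0 == 2.8.2."""
    parts = [int(p) for p in text.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)


def installed_version(plugin_dir):
    """Return the version from the plugin's main file header, or None."""
    for php in sorted(Path(plugin_dir).glob("*.php")):
        # WordPress itself only reads the first 8 KB of a file for headers.
        head = php.read_text(encoding="utf-8", errors="replace")[:8192]
        if "Plugin Name:" not in head:
            continue  # not the main plugin file
        match = VERSION_RE.search(head)
        if match:
            return parse_version(match.group(1))
    return None


def audit(wp_root):
    """Classify one WordPress tree: not-installed, unknown, affected or not-affected."""
    plugin_dir = Path(wp_root) / "wp-content" / "plugins" / PLUGIN_SLUG
    if not plugin_dir.is_dir():
        return "not-installed"
    version = installed_version(plugin_dir)
    if version is None:
        return "unknown"  # directory present but no readable header: check by hand
    return "affected" if version <= LAST_AFFECTED else "not-affected"


if __name__ == "__main__":
    import sys
    for root in sys.argv[1:]:
        print(f"{root}: {audit(root)}")
```

Run it with one or more WordPress root directories as arguments; an `unknown` result means the plugin directory exists but its header could not be read and needs a manual look.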
Description
This is an exploit script to find out the WordPress admin's username and password hash by exploiting CVE-2024-1698.
Readme
# CVE-2024-1698 Exploit Script - WordPress NotificationX <= 2.8.2 - SQL Injection

This Python script is intended for educational purposes only. It demonstrates a proof of concept for exploiting the CVE-2024-1698 SQL injection vulnerability to extract admin credentials (username and password hash) from a WordPress website's NotificationX Analytics API. **Please use this script responsibly and only on systems you are authorized to test. Unauthorized or malicious use is strictly prohibited.**

## Disclaimer

The author and contributors of this script are not responsible for any misuse, damage, or illegal activity caused by the use of this tool. **Use at your own risk.**

## Requirements

- Python 3.x
- `requests` library

## Usage

1. Ensure you have Python 3.x installed on your system.
2. Install the required dependencies by running:

    pip install requests

3. Modify the `url`, `delay`, and other variables in the script according to your testing environment and requirements.
4. Run the script:

    python exploit.py

5. The script will attempt to extract the admin username and password hash. Results will be displayed if successful.

![Proof of Concept](cve-2024-1698.jpeg)

## Legal and Ethical Considerations

- **Only use this script on systems you have explicit permission to test. Unauthorized access to computer systems is illegal and unethical.**
- Respect the privacy and security of others. Do not use this script to access sensitive information without proper authorization.
- Understand and comply with the laws and regulations governing penetration testing and ethical hacking in your jurisdiction.
- Use responsible disclosure practices if you discover security vulnerabilities while testing.

## Acknowledgements

This script is for educational purposes and was created to demonstrate the risks associated with SQL injection vulnerabilities. We encourage users to learn about web security best practices and contribute to improving the security posture of web applications.

Detailed blog post on CVE-2024-1698 by [White Hack Labs](https://whitehacklabs.com/): [Blog Post](https://ethicalhacking.uk/sql-injection-alert-dissecting-cve-2024-1698-in-notificationx-for-wordpress/)

## License

This script is licensed under the [MIT License](LICENSE). See the LICENSE file for details.

This README emphasizes responsible use, legal and ethical considerations, and encourages users to only use the script for educational purposes and with proper authorization.
File Snapshot

[4.0K] /data/pocs/21a8429b3757176f884d000c8acc6cede52d570c
├── [257K] cve-2024-1698.jpeg
├── [2.7K] exploit.py
└── [2.5K] README.md

0 directories, 3 files