[EDB-ID: 45411] WordPress Plugin Survey & Poll 1.5.7.3 setting page not showing problem


*This is being written using Google Translator. I am currently conducting a mock experiment following EDB-ID:45411. This vulnerability is that there is SQL injection of cookies in WordPress Plugin Survey & Poll version 1.5.7.3 or lower. I ran into a problem while following this.

My environment is Windows 7 x64 (or Windows 10 x64) with Apache 2.4.58, php-7.1.7, MariaDB 10.2.7, and WordPress V4.9.8. I was able to download the plug-in 1.5.7.3 from the vulnerability site (https://www.exploit-db.com/exploits/45411). (The version is not currently distributed, and the problem I am talking about is the same in all versions. It works well.)

The problem occurs when you activate the plugin and go to [Settings > WP Survey & Poll] in the WordPress menu to create a survey page.

The error message confirmed through F12->Console is as follows:

load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils&ver=4.9.8:9 JQMIGRATE: Migrate is installed, version 1.4.1

options-general.php:1 Failed to load resource: net::ERR_CONNECTION_RESET

From the second time, the error message changes to the following:

load-scripts.php?c=1&load%5B%5D=jquery-core,jquery-migrate,utils&ver=4.9.8:9 JQMIGRATE: Migrate is installed, version 1.4.1

/wordpress/wp-admin/options-general.php?page=wp_sap:1 GET http://localhost/wordpress/wp-admin/options-general.php?page=wp_sap net::ERR_CONNECTION_RESET 200 (OK)

So, I can't even try creating the survey page because the page doesn't load properly... why?

I tried disabling the firewall.
I tried clearing the cache.
I tried reinstalling php, apache, etc.
I tried deleting the tables in the database.
I tried resetting the TCP/IP settings (netsh winsock reset, netsh int ip reset, ipconfig /release, ipconfig /renew, ipconfig /flushdns).
I tried using different versions of the plugin.
I deleted another plugin.
It's the same as the default theme.
I tried the same thing in Windows 10 and 7.
I tried it in both Explorer and Chrome.
Edit the wp-config.php file and add define('WP_DEBUG', true); or define( 'WP_MEMORY_LIMIT', '256M' );

Did I miss something? What more can I do? Is this a problem with the plugin itself (since other versions don't work the same)?

If this doesn't work, we need to come up with another alternative as soon as possible (in a week?). If the project is hopeless, are there similar vulnerabilities that could serve as an alternative? (As simple as possible? This was just to get used to it by testing out a vulnerability in WordPress and defending against it if I could...)
