Slides and code used to present the research conducted together with @dipa96, in which we implemented custom Semgrep rules (templates) to detect SQL injection by analysing WordPress plugin source code.
This project was presented at the ComeToCode2022 conference. It was born out of a desire to explore the world of code review and the Semgrep tool.
Watch our presentation at: Slides_ENG
Project requires:
Make sure each requirement is installed correctly before proceeding.
Run the following command to download the latest version of the project.
git clone https://github.com/dipa96/GreedyForSQLi
Set up your WordPress environment with Docker Compose. Check the docker-compose.yaml file for details or to change settings.
cd GreedyForSQLi
docker-compose up -d
By default you will find WordPress at: http://10.10.10.2/
Once WordPress is configured, the test plugins are already installed and you can launch your first Semgrep scan with our rules.
cd GreedyForSQLi
cd rules/php/wordpress/plugins
semgrep -c ajax-action-to-sqli.yaml -c ajax-action-to-sqli-deep.yaml ../../../../plugins/wp-visual-slidebox-builder
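The rule below is an added example written for this README, not one of the project's own ajax-action-to-sqli rules. It shows the source-to-sink shape that a WordPress SQLi rule takes in Semgrep's taint mode: request superglobals are the sources, the `$wpdb` query methods are the sinks, and `$wpdb->prepare()` plus integer coercion are the sanitizers. The rule id, message and the choice of sanitizers are assumptions made here; the example is intentionally generic and does not reproduce the project's matching of `wp_ajax_` action handlers.

```yaml
# Added example rule (not part of GreedyForSQLi): request data flowing into
# a $wpdb query method without passing through $wpdb->prepare().
rules:
  - id: example-wp-request-to-wpdb-sqli
    languages: [php]
    severity: ERROR
    message: >-
      Request data ($_GET/$_POST/$_REQUEST/$_COOKIE) reaches a $wpdb query
      without going through $wpdb->prepare(); possible SQL injection.
    metadata:
      cwe: "CWE-89: Improper Neutralization of Special Elements used in an SQL Command"
    mode: taint
    pattern-sources:
      # Untrusted input: PHP superglobals carrying request data.
      - pattern: $_GET
      - pattern: $_POST
      - pattern: $_REQUEST
      - pattern: $_COOKIE
    pattern-sanitizers:
      # Parameterised query building: placeholders are escaped by WordPress.
      - pattern: $wpdb->prepare(...)
      # Integer coercion strips anything that could carry SQL syntax.
      - pattern: intval(...)
      - pattern: absint(...)
    pattern-sinks:
      # Only the SQL string argument of the $wpdb methods is the sink.
      - patterns:
          - pattern-either:
              - pattern: $wpdb->query($SQL, ...)
              - pattern: $wpdb->get_results($SQL, ...)
              - pattern: $wpdb->get_var($SQL, ...)
              - pattern: $wpdb->get_row($SQL, ...)
              - pattern: $wpdb->get_col($SQL, ...)
          - focus-metavariable: $SQL
```

Save it as, for example, example-wp-request-to-wpdb-sqli.yaml and run `semgrep -c example-wp-request-to-wpdb-sqli.yaml path/to/plugin`. A handler doing `$wpdb->get_results("SELECT * FROM {$wpdb->prefix}items WHERE id = " . $_POST['id'])` is flagged, while `$wpdb->get_results($wpdb->prepare("SELECT * FROM {$wpdb->prefix}items WHERE id = %d", $_POST['id']))` is not. Two caveats a reviewer should keep in mind: treating `$wpdb->prepare(...)` as a sanitizer also silences a tainted format string, so `$wpdb->prepare("... WHERE id = $_POST[id]")` would be missed and needs a separate check; and taint tracking is intra-procedural, so input that enters through a helper function or a class property will not be followed without extra patterns.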
We have started reporting the vulnerabilities found with these rules to WPScan. These are the CVEs assigned so far:
- CVE-2022-3241 | Build App Online < 1.0.19 - Unauthenticated SQL Injection
- CVE-2022-3860 | Visual Email Designer for WooCommerce < 1.7.2 - Multiple Author+ SQLi