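Related vulnerability
Title: WordPress plugin SQL injection vulnerability (CVE-2022-0169)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers running PHP and MySQL. WordPress plugin is an open-source application plugin for WordPress. Photo Gallery by 10Web for WordPress before version 1.6.0 has a SQL injection vulnerability. The vulnerability arises because the bwg_frontend_data AJAX action does not validate and escape the bwg_tag_id_bwg_thumbnails_0 parameter before using it in a SQL statement, leading to unauthenticated SQL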
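A defender-side check for the parameter described above, as an added example that is not part of the PoC repository or the plugin: it scans web access logs for `bwg_frontend_data` requests whose `bwg_tag_id_bwg_thumbnails_0` value is not numeric. The log lines are constructed, and the assumption that legitimate values are integer tag IDs (optionally comma-separated) should be checked against your own traffic.

```python
import re
from urllib.parse import parse_qsl, urlsplit

ACTION = "bwg_frontend_data"            # AJAX action named in the description
PARAM = "bwg_tag_id_bwg_thumbnails_0"   # parameter named in the description
# Assumption: legitimate values are integer tag IDs, optionally comma-separated.
SAFE_VALUE = re.compile(r"\d+(,\d+)*")
# Combined log format: client ident user [time] "METHOD target PROTO" ...
LOG_LINE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*"')

def suspicious_values(target):
    """Return the non-numeric values of PARAM found in one request target."""
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return []
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes
    if ("action", ACTION) not in pairs:
        return []
    # PHP also accepts the array form PARAM[...], so match that key shape too.
    return [value for key, value in pairs
            if (key == PARAM or key.startswith(PARAM + "["))
            and not SAFE_VALUE.fullmatch(value)]

def scan(lines):
    """Return (client_ip, decoded_value) for every suspicious request logged."""
    findings = []
    for line in lines:
        match = LOG_LINE.match(line)
        if match:
            findings.extend((match.group("ip"), value)
                            for value in suspicious_values(match.group("target")))
    return findings

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Jul/2025:09:55:39 +0000] "GET /wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_tag_id_bwg_thumbnails_0=3,7 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [09/Jul/2025:09:56:02 +0000] "GET /wp-admin/admin-ajax.php?action=bwg_frontend_data&bwg_tag_id_bwg_thumbnails_0%5B0%5D=1%27 HTTP/1.1" 200 9321 "-" "python-requests/2.31"',
    '198.51.100.9 - - [09/Jul/2025:09:56:03 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&bwg_tag_id_bwg_thumbnails_0=abc HTTP/1.1" 200 20 "-" "-"',
    '192.0.2.44 - - [09/Jul/2025:09:57:10 +0000] "POST /wp-login.php HTTP/1.1" 200 100 "-" "-"',
]

if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {PARAM}: {value!r}")
```

Access logs record only query-string parameters; requests that carry the parameter in a POST body need WAF or application-level logging to be visible.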
Description
CVE-2022-0169 - WordPress Photo Gallery SQLi PoC
Introduction
# CVE-2022-0169 — WordPress Photo Gallery SQLi PoC
This is a simple Python proof-of-concept (PoC) for **CVE-2022-0169**, an SQL injection vulnerability in the WordPress Photo Gallery plugin.
---
## What it does
* Checks the WordPress version (if available)
* Exploits the vulnerable `admin-ajax.php` endpoint
* Dumps `wp_users` usernames and password hashes
* Saves results in timestamped folders
* Prompts you to crack them with hashcat if you want
This tool is for **educational purposes only**. Use responsibly! Like you would listen to this.. 😆
---
## 🤌 Usage
### 🖕 **Single target**
```bash
python3 exploit.py -u http://target.com
```
### 🖐️ **Multiple targets**
```bash
python3 exploit.py -f targets.txt
```
---
## 🕺 Options
| Option | Description |
|------------|--------------------------------------------------|
| `-u` | Single target URL |
| `-f` | File with list of targets |
| `-p` | Proxy (e.g., `http://127.0.0.1:8080`) |
| `-t` | Number of threads (default: 5) |
| `-w` | Choose wordlist for hashcat (default: rockyou.txt). Make sure that rockyou.txt is gunzipped! |
**Example:**
```bash
python3 exploit.py -u http://victim.com -w /usr/share/wordlists/rockyou.txt
```
---
**Requirements**
```
requests
argparse
colorama
```
## 🦠 Results
- Dumps are saved in `results/YYYYMMDD_HHMMSS/`
- One HTML dump per target
- Extracted hashes in separate files for easy cracking
When hashes are found, you’ll be asked:
```
Crack the hashes with hashcat now? [Y/N]:
```
If you hit `Y`, hashcat will run automatically using your selected wordlist.
---
## 🔫 Example attack flow
1. Run the script on your target(s).
2. Check the `results/` folder for dumps and hashes.
3. Crack them with hashcat:
```bash
hashcat -m 400 -a 0 results/YYYYMMDD_HHMMSS/hashes.txt /usr/share/wordlists/rockyou.txt
```
---
## 📢 Disclaimer
This tool is for **educational and authorized testing** only.
You are solely responsible for how you use it.
Always get permission before scanning or exploiting any system.
Stay cyberpunk.
**— X3RX3S**
File snapshot
[4.0K] /data/pocs/73e13e7b54b24a64ef67b0443356f79917a07a07
├── [6.2K] CVE-2022-0169.py
├── [1.2K] LICENSE
├── [2.2K] README.md
└── [802K] Screenshot_20250709-095539__01.jpg
0 directories, 4 files