POC details: c03bacfff70c9e855287167478765c05d483bc5d

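Source
Related vulnerability
Title: WordPress plugin BookingPress SQL injection vulnerability (CVE-2022-0739)
Description: WordPress is a blogging platform developed in PHP by the WordPress Foundation. It supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for the open-source WordPress platform. The WordPress plugin BookingPress before version 1.0.11 contains a SQL injection vulnerability: the plugin does not properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action.
Description
CVE-2022-0739 WordPress BookingPress SQLi
Introduction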
# CVE-2022-0739

CVE-2022-0739 WordPress BookingPress Plugin < 1.0.11 Unauthenticated SQL Injection

## Getting Started

### Executing program

* With python3
```
python3 sqli.py -u 'http://wordpress.site' -p 'wpnonce_value'
```

## Help

For help menu:
```
python3 sqli.py -h
```

## Disclaimer
All the code provided in this repository is for educational/research purposes only. Any actions and/or activities related to the material contained within this repository are solely your responsibility. The misuse of the code in this repository can result in criminal charges brought against the persons in question. The author will not be held responsible in the event any criminal charges are brought against any individuals misusing the code in this repository to break the law.
File snapshot

```
[4.0K] /data/pocs/c03bacfff70c9e855287167478765c05d483bc5d
├── [ 771] README.md
└── [1.9K] sqli.py

0 directories, 2 files
```