.. / CVE-2022-0739

Exploit for BookingPress WordPress plugin < 1.0.11 - SQL Injection (CVE-2022-0739)

Description:

The BookingPress WordPress plugin before 1.0.11 fails to properly sanitize user supplied POST data before it is used in a dynamically constructed SQL query via the bookingpress_front_get_category_services AJAX action (available to unauthenticated users), leading to an unauthenticated SQL Injection

Proof of Concept

PoC exploit

https://github.com/destr4ct/CVE-2022-0739

Try the exploit in a lab environment:

Lab	Machine	Link
Hack The Box	MetaTwo	Go to Practice

References:

https://nvd.nist.gov/vuln/detail/CVE-2022-0739

.. / CVE-2022-0739 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for BookingPress WordPress plugin < 1.0.11 - SQL Injection (CVE-2022-0739)

Description:

Proof of Concept

PoC exploit

Try the exploit in a lab environment:

.. / CVE-2022-0739