CVE-2022-0739

This PoC exploits a SQL injection vulnerability in BookingPress before 1.0.11 via the 'bookingpress_front_get_category_services' action in WordPress admin-ajax.php. It extracts database version and user credentials (login, email, password hash) using a UNION-based SQLi attack.

This is a functional Python PoC exploit for CVE-2022-0739, targeting a SQL injection vulnerability in the WordPress BookingPress plugin. It supports database metadata lookup, credential dumping, and blind SQL injection.

This repository contains a Python-based SQL injection exploit for CVE-2022-0739, targeting the BookingPress WordPress plugin. The PoC automates the extraction of database information, including user credentials and schema dumps, by leveraging a vulnerable AJAX endpoint.

This is a functional SQL injection exploit for BookingPress before 1.0.11 (CVE-2022-0739). It extracts database names and user credentials by leveraging a vulnerable AJAX endpoint with a crafted UNION-based SQLi payload.

This repository contains a writeup describing the exploitation of CVE-2022-0739, an unauthenticated SQL Injection vulnerability in the BookingPress WordPress plugin before 1.0.11. The vulnerability arises from improper sanitization of user-supplied POST data in the bookingpress_front_get_category_services AJAX action.

This is a functional Bash exploit for CVE-2022-0739, targeting an unauthenticated SQL injection vulnerability in BookingPress < 1.0.11. It extracts user credentials from the WordPress database via a crafted AJAX request.

This Go-based PoC exploits an unauthenticated SQL injection in BookingPress < 1.0.11 via the `bookingpress_front_get_category_services` AJAX action. It extracts user data from the `wp_users` table using a UNION-based SQLi payload.

This is a functional exploit for CVE-2022-0739, targeting a SQL injection vulnerability in the BookingPress WordPress plugin before version 1.0.11. It extracts user credentials (usernames, emails, and password hashes) via a UNION-based SQLi attack.

This is a functional Python script demonstrating an unauthenticated SQL injection vulnerability in the WordPress BookingPress plugin. It exploits a vulnerable parameter to extract user credentials from the database.

This Metasploit module exploits an SQL injection vulnerability in the BookingPress WordPress plugin (CVE-2022-0739) by injecting malicious SQL payloads into the `total_service` parameter of the `bookingpress_front_get_category_services` AJAX action. It dumps WordPress user credentials, including usernames, emails, and password hashes.