WordPress 3.7-3.7.36 - SQL Injection via WP_Query
Exploitation Summary
CVE-2022-21661 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 14 public exploits from researchers including Aryan Chehreghani, z92g, purple-WL. A Nuclei detection template is also available.
AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in WordPress Core versions prior to 5.8.3 via the WP_Query class. The PoC provides a sample HTTP request that injects malicious input into the 'tax_query' parameter, allowing an attacker to disclose sensitive information from the database.
Description
WordPress is a free and open-source content management system written in PHP and paired with a MariaDB database. Due to improper sanitization in WP_Query, there can be cases where SQL injection is possible through plugins or themes that use it in a certain way. This has been patched in WordPress version 5.8.3. Older affected versions are also fixed via security releases that go back to 3.7.37. We strongly recommend that you keep auto-updates enabled. There are no known workarounds for this vulnerability.
Exploits (14)
This exploit demonstrates a SQL injection vulnerability in WordPress Core versions prior to 5.8.3 via the WP_Query class. The PoC provides a sample HTTP request that injects malicious input into the 'tax_query' parameter, allowing an attacker to disclose sensitive information from the database.
This repository contains a Go-based scanner for detecting CVE-2022-21661, a SQL injection vulnerability in WordPress versions 4.1 to 5.8.2. It checks for the vulnerability by sending crafted payloads to the target's admin-ajax.php endpoint and analyzing responses.
This PoC demonstrates an out-of-band SQL injection vulnerability in WordPress versions prior to 5.8.3. The exploit leverages a crafted POST request to admin-ajax.php, using the tax_query parameter to trigger a DNS-based exfiltration of the database version via load_file.
This repository contains a proof-of-concept exploit for CVE-2022-21661, a vulnerability in the Ele Custom Skin WordPress plugin. The exploit involves a Docker setup to replicate the vulnerable environment and includes the plugin files necessary to demonstrate the vulnerability.
This repository contains a Python-based exploit for CVE-2022-21661, targeting a SQL injection vulnerability in the Elementor Custom Skin plugin for WordPress. The exploit includes methods for information gathering, user credential extraction via time-based blind SQL injection, and DNS exfiltration.
This repository contains a functional exploit for CVE-2022-21661, a SQL injection vulnerability in WordPress versions below 5.8.3. The exploit uses time-based blind SQL injection to extract database names and user credentials, including password hashes.
This is a Python-based PoC for CVE-2022-21661, a SQL injection vulnerability in WordPress. It tests for vulnerability by sending crafted requests to the admin-ajax.php endpoint and checks for responses indicating successful exploitation via MD5 hash extraction or time-based delays.
This repository demonstrates a SQL injection vulnerability in WordPress 5.8.2 via a malicious plugin that exploits unsanitized input in class-wp-tax-query.php. The PoC includes a Docker setup and a blind SQLi example using time delays.
The repository contains only a README file with minimal content, lacking any technical analysis or exploit code for CVE-2022-21661. No functional exploit or detailed writeup is present.
This is a Python-based PoC for CVE-2022-21661, a WordPress vulnerability that allows unauthenticated object injection, potentially leading to RCE. The script checks for vulnerability by testing SQL injection via MD5 hash extraction and time-based queries.
This repository contains a proof-of-concept exploit for CVE-2022-21661, a SQL injection vulnerability in WordPress. The PoC includes a malicious HTTP request that leverages a crafted `tax_query` parameter to extract database information, such as the MySQL version.
This repository contains a README file referencing CVE-2022-21661, a SQL Injection vulnerability in WordPress Core 5.8.2 via 'WP_Query'. It includes a link to an ExploitDB entry and a screenshot but no actual exploit code.
This repository contains a Python-based scanner for detecting CVE-2022-21661, a SQL injection vulnerability in WordPress. The scanner checks for the vulnerability by sending crafted payloads to the target and analyzing responses.
This repository contains a README describing CVE-2022-21661, an SQL injection vulnerability in WordPress Core 5.8.2 via 'WP_Query'. It references an ExploitDB entry and includes a link to a PoC video.
Nuclei Templates (1)
cpe:"cpe:2.3:a:wordpress:wordpress" || http.component:"wordpress"
References (11)
Scores
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H