Some days ago, a SQL injection vulnerability in the WordPress plugin Ultimate Product Catalogue 4.2.2 was published. You can see the details here.

Based on the paper, I wrote a simple tool to exploit the vulnerability. You can download the script here.


How to use

./wp-plugin-product-catalog-4.2.2-sqli.py -u http://mywp/wp-admin/admin-ajax.php?action=get_upcp_subcategories -c "mycookie"

[Screenshot from 2017-07-05: output of the command above]

./wp-plugin-product-catalog-4.2.2-sqli.py -u http://mywp/wp-admin/admin-ajax.php?action=get_upcp_subcategories -c "mycookie" -q "SELECT user(),database()"

[Screenshot from 2017-07-05: output of the command above]
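For site owners who want to know whether this endpoint has been probed, here is an added detection example (not the tool above, and not part of the plugin or the original post). It scans web-server access-log lines for requests to `admin-ajax.php` with `action=get_upcp_subcategories` whose other query-string values contain common SQL injection indicators. The log lines are constructed for the example, the `cat_id` parameter name is a hypothetical placeholder (the page does not name the injectable parameter), and the script assumes the injected value is visible in the logged request line, which is not the case for POST bodies.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Action name taken from the tool usage above.
VULN_ACTION = "get_upcp_subcategories"

# Generic indicators that a value expected to be a plain id carries SQL syntax.
SQLI_INDICATORS = re.compile(
    r"""('|"|--|/\*|#|;|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|\bor\b\s+\S+\s*=\s*\S+)""",
    re.IGNORECASE,
)

# Apache/nginx combined log format: client ip, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample log lines for the example; "cat_id" is a hypothetical parameter name.
SAMPLE_LOG = """\
10.0.0.5 - - [05/Jul/2017:11:42:23 +0000] "GET /wp-admin/admin-ajax.php?action=get_upcp_subcategories&cat_id=3 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
10.0.0.9 - - [05/Jul/2017:11:42:40 +0000] "GET /wp-admin/admin-ajax.php?action=get_upcp_subcategories&cat_id=3'%20OR%201=1--%20- HTTP/1.1" 200 2048 "-" "python-requests/2.18"
10.0.0.9 - - [05/Jul/2017:11:43:14 +0000] "GET /wp-admin/admin-ajax.php?action=get_upcp_subcategories&cat_id=3%20UNION%20SELECT%20user(),database() HTTP/1.1" 200 2100 "-" "python-requests/2.18"
10.0.0.7 - - [05/Jul/2017:11:44:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 90 "-" "Mozilla/5.0"
"""


def inspect_request(path):
    """Return (param, decoded_value) pairs that look injected when the request
    targets the vulnerable action; an empty list otherwise."""
    url = urlsplit(path)
    params = parse_qsl(url.query, keep_blank_values=True)  # percent-decodes values
    if ("action", VULN_ACTION) not in params:
        return []
    return [(k, v) for k, v in params if k != "action" and SQLI_INDICATORS.search(v)]


def scan_log(text):
    """Scan combined-format log text and return one finding dict per suspicious parameter."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        for param, value in inspect_request(m["path"]):
            findings.append({
                "ip": m["ip"],
                "ts": m["ts"],
                "status": m["status"],
                "param": param,
                "value": value,
            })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} {f['param']}={f['value']!r}")
```

The check keys on the action name rather than on a parameter name, so it still fires when the injected value sits in a parameter you did not anticipate; in practice run it over real logs (`scan_log(open(path).read())`) and treat a 200 response to a request carrying SQL syntax as something to investigate, since the plugin returned normally for both injected lines in the sample. The lasting fix is updating the plugin past 4.2.2.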
