/CVE-2019-20361-EXPLOIT

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability).

Primary LanguageShell

CVE-2019-20361-EXPLOIT

There was a flaw in the WordPress plugin, Email Subscribers & Newsletters before 4.3.1, that allowed SQL statements to be passed to the database in the hash parameter (a blind SQL injection vulnerability). This script is a "sanized-version" of original script avalible on exploit-db.com created by @KBA@SOGETI_ESEC ,the original version was sanized on RaidForums.com

re4

COMMAND

> $ git clone https://github.com/jerrylewis9/CVE-2019-20361-EXPLOIT.git
> $ cd CVE-2019-20361-EXPLOIT
> $ chmod +x noodles.sh
> $ bash noodles.sh "url"

PREREQUISITE

sqlmap (https://github.com/sqlmapproject/sqlmap)

#The script recognize sqlmap, not sqlmap.py or similiar, so move sqlmap to bin directory.