Share
## https://sploitus.com/exploit?id=1D922E85-3677-56DB-A3F0-D3BD5024D5D7
# CVE-2025-68055
## Authenticated SQL injection in Hydra Booking Plugin get()` function, Hydra Booking hardcodes user input directly into the raw sql request instead of using **prepare** to sanitize input, leading to Time-Based Blind SQL injection.

### Exploit

A simple run command as such will tell you whether or not the running wordpress instance is vulnerable : 
```
./CVE-2025-68055.py 
    --url  
    --login  
    --password 

Exploit options : 
    --list-users 
    --dump-password 
```

Two options are available in the script as for exploitation but one can modify the script or use tools like **SQLMap** to get more specific data out of the database.

Option 1 : By adding `--list-users` the script will exploit the sql injection to dump every entry of the column `user_login` in the wordpress users table.
Option 2 : By adding `--dump-password ` the script will dump the password hash of the requested user (if the user exists)