Exploit for SQL Injection in Prestashop Blockwishlist CVE-2022-31101

Name: Exploit for SQL Injection in Prestashop Blockwishlist CVE-2022-31101
Rating: 5 (219 reviews)

2022-08-09 | CVSS 6.5

## https://sploitus.com/exploit?id=51328C9F-D90C-5D08-9A1B-9BE77961DB26
# CVE-2022-31101
Exploit for PrestaShop bockwishlist module 2.1.0 SQLi (CVE-2022-31101)


## Usage
- `python3 cve-2022-31101.py`
- Give the url to the wishlist when prompted. Example of a url: `http://example.com/module/blockwishlist/view?id_wishlist=1`
- Give the cookies for your account when prompted.
- Now it will start attacking the website.

## In action
![cve-2022-31101](https://user-images.githubusercontent.com/59091280/183629068-cbd9ffad-c3cf-4a5e-9571-5d8d5becbe3d.png)

### Note
This exploit assumes the prefix for the table names in the database to be `ps_`. It is the default prefix given by PrestaShop.