## https://sploitus.com/exploit?id=A40C8D1C-7680-5929-84E7-B7A946A7ACF3
This repository demonstrates a vulnerability in WordPress 5.8.2,
in which missing sanitization in class-wp-tax-query.php can, in very specific situations,
allow attackers to perform SQL injection. Note that successful exploitation
requires developers to add vulnerable code to the WordPress instance, in which unsanitized
user input is passed to a $terms variable that is used to construct a SQL function.
See evil.php in the included "evil" plugin, and the lack of sanitization of the $terms variable
in get_sql_for_clause in class-wp-tax-query.php.
Demonstration steps
sudo docker-compose up
Send the request in newexploit_req.txt to the newly created server. You should get a time delay.
Debugging notes
sudo service docker restart if name resolution failure occurs
adjust xdebug.client_host=172.19.0.1 in xdebug.ini as needed