Exploit for WordPress Motopress Hotel Booking Lite 4.2.4 SQL Injection

Name: Exploit for WordPress Motopress Hotel Booking Lite 4.2.4 SQL Injection
Rating: 5 (224 reviews)

2022-04-19 | CVSS 0.1

## https://sploitus.com/exploit?id=PACKETSTORM:166771
# Exploit Title: WordPress Plugin Motopress Hotel Booking Lite 4.2.4 - SQL Injection  
# Date: 2022-04-11  
# Exploit Author: Mohsen Dehghani (aka 0xProfessional)  
# Vendor Homepage: https://motopress.com/  
# Software Link: https://downloads.wordpress.org/plugin/motopress-hotel-booking-lite.4.2.4.zip  
# Version: 4.2.4  
# Tested on: Windows/XAMPP  
###########################################################################  
PoC:  
  
Vulnerable File:sync-urls-repository.php  
  
public function insertUrls($roomId, $urls)  
{  
global $wpdb;  
  
if (empty($urls)) {  
return;  
}  
  
$urls = $this->prepareUrls($urls);  
$values = array();  
  
foreach ($urls as $syncId => $url) {  
$values[] = $wpdb->prepare("(%d, %s, %s)", $roomId, $syncId, $url);  
}  
  
$sql = "INSERT INTO {$this->tableName} (room_id, sync_id, calendar_url)"  
. " VALUES " . implode(', ', $values);  
  
$wpdb->query($sql);  
  
Vulnerable Parameter:  
room_id=SQL Injection  
sync_id=SQL Injection