## https://sploitus.com/exploit?id=WPEX-ID:2699CEFA-1CAE-4EF3-AD81-7F3DB3FCCE25
1. Ensure the "Slider by BestWebSoft" plugin is also installed (https://wordpress.org/plugins/slider-bws/).
2. Go to Galleries > Add New.
3. Click "Add Media" and choose or upload an image.
4. When publishing (or updating) the Gallery, intercept the request and change the POST parameter named `_gallery_order_12%5B13%5D` (note that the `12` and `13` are IDs and will be different in each case). Change the inner ID (the `13` in this example) to the following: `%27%20UNION%20%28SELECT%20IF%281%3D1%2CSLEEP%2810%29%2CSLEEP%285%29%29%29%23`
5. Click on the Settings tab, and click the "Create New Slider" button.
6. Note the request takes 10 seconds, demonstrating the blind SQLi.
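
A defender-side check for the tampering in step 4, as an added example that is not part of the original write-up or the plugin's code: it parses a form-encoded POST body and flags any `_gallery_order_<id>[<id>]` parameter whose IDs are not plain decimal integers. The function names, the `post_ID` field and the sample bodies are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

# Name shape from step 4: _gallery_order_<gallery id>[<image id>].
# Assumption: both IDs are WordPress post IDs, i.e. plain decimal integers.
ORDER_PARAM = re.compile(r"_gallery_order_(?P<gallery>[^\[\]]*)\[(?P<image>.*)\]", re.S)


def is_post_id(text):
    """True only for a short run of ASCII digits (no sign, spaces or quotes)."""
    return text.isascii() and text.isdigit() and len(text) <= 20


def audit_gallery_order(body):
    """Return one finding per non-numeric ID in a form-encoded POST body."""
    findings = []
    # parse_qsl percent-decodes names, so %5B13%5D is seen as [13].
    for name, _value in parse_qsl(body, keep_blank_values=True):
        match = ORDER_PARAM.fullmatch(name)
        if match is None:
            continue  # not a gallery-order parameter
        for field in ("gallery", "image"):
            if not is_post_id(match.group(field)):
                findings.append({"param": name, "field": field,
                                 "bad_id": match.group(field)})
    return findings


# Constructed request bodies; the parameter values ("1") are placeholders.
BENIGN = "post_ID=12&_gallery_order_12%5B13%5D=1"
# Inner ID replaced with the string given in step 4.
TAMPERED = ("post_ID=12&_gallery_order_12%5B%27%20UNION%20%28SELECT%20IF%281"
            "%3D1%2CSLEEP%2810%29%2CSLEEP%285%29%29%29%23%5D=1")

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("tampered", TAMPERED)):
        print(label, audit_gallery_order(body))
```

A check like this suits request-log review or a filtering rule in front of the site; it does not replace casting the ID to an integer in the plugin before it reaches the query.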