0 votes

Vulnerable endpoint with injection point.

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
[Redacted]
Content-Type: application/x-www-form-urlencoded

action=<action_name>&nonce=[redacted]&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["<inject here>"]}}}
by (261 points)

1 Answer

0 votes
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
[Redacted]
Content-Type: application/x-www-form-urlencoded

action=<action_name>&nonce=[redacted]&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["<inject here>"]}}}
by (261 points)
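
A defender-side check for the request shape shown above, as an added example that is not part of the original post: it parses the form body, decodes `query_vars`, and returns any `terms` value in a `term_taxonomy_id` clause that is not a plain integer ID. The function names and the two sample bodies are constructed for illustration; the check assumes legitimate `term_taxonomy_id` terms are always non-negative integers.

```python
import json
from urllib.parse import parse_qs

# Constructed sample request bodies (not taken from real traffic).
BENIGN = 'action=demo&nonce=x&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["12","34"]}}}'
ODD = 'action=demo&nonce=x&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["12","not-a-number"]}}}'


def _clauses(tax_query):
    """Yield every dict carrying a "field" key, however deeply it is nested."""
    if isinstance(tax_query, dict):
        if "field" in tax_query:
            yield tax_query
        children = tax_query.values()
    elif isinstance(tax_query, list):
        children = tax_query
    else:
        return
    for child in children:
        yield from _clauses(child)


def _is_int_id(value):
    """True for 12 or "12"; False for bools, floats, nested values, other strings."""
    if isinstance(value, bool):
        return False
    if isinstance(value, int):
        return value >= 0
    return isinstance(value, str) and value.isascii() and value.isdigit()


def suspicious_terms(body):
    """Return the terms that are not integer IDs in term_taxonomy_id clauses."""
    params = parse_qs(body, keep_blank_values=True)
    findings = []
    for raw in params.get("query_vars", []):
        try:
            query_vars = json.loads(raw)
        except json.JSONDecodeError:
            findings.append(raw)  # undecodable query_vars is itself worth a look
            continue
        tax = query_vars.get("tax_query") if isinstance(query_vars, dict) else None
        for clause in _clauses(tax):
            if clause.get("field") != "term_taxonomy_id":
                continue
            terms = clause.get("terms", [])
            terms = terms if isinstance(terms, list) else [terms]
            findings.extend(t for t in terms if not _is_int_id(t))
    return findings
```

A non-empty return value is a reason to log or reject the request before it reaches the query layer.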