Techbypass always tries to help you to learn about recent vulnerabilities and exploitations.

Learn and share your security findings and help others to secure their digital assets.

Need any help mail to [email protected]

0 votes

Vulnerable endpoint with injection point.

POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
[Redacted]
Content-Type: application/x-www-form-urlencoded

action=<action_name>&nonce=[redacted]&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["<inject here>"]}}}
by (277 points)

1 Answer

0 votes
POST /wp-admin/admin-ajax.php HTTP/1.1
Host: localhost
[Redacted]
Content-Type: application/x-www-form-urlencoded

action=<action_name>&nonce=[redacted]&query_vars={"tax_query":{"0":{"field":"term_taxonomy_id","terms":["<inject here>"]}}}
by (277 points)
...